KeyServer provides concurrent-use license metering, version control, and
transparent usage monitoring for all programs in use throughout a network
of Macintosh computers.

Effective management of multiple copies of software presents computer site
administrators and Macintosh software publishers with a major dilemma.
Previously available methods of sitewide software control range from
hardware locks, disk-based copy protection, and disk serialization, to
restricted redistribution rights dictated by site licensing.
Unfortunately, the focus of control for all of these methods is the
physical location of the application file or program disk. The details of
controlling physical access and the degree of inconvenience vary, but in a
world of hard disks, networks, file servers and electronic mail,
management based on controlled distribution is intrinsically impractical
or even impossible. Without any practical tools, site administrators and
the software industry are forced to rely on a rather ill-defined
"reasonable effort" at software license compliance.

The Sassafras Solution

KeyServer, developed by Sassafras Software of Hanover NH, addresses the
issue of legal software use and other software control concerns without
introducing new obstacles for either vendor or user. KeyServer runs as a
central network service to enforce concurrent usage limits for
applications that are partially cached on individual Macintoshes. In
addition to performing as a software license server, KeyServer can also
manage software version upgrades throughout a network.

Physical control of the application file or program disk is no longer an
issue. Users are encouraged to freely distribute "keyed" (specially
modified) applications via electronic mail, file servers, diskettes, etc.
All copies are identical and without serialization, but they are useless
without the cooperation of the KeyServer network license server. When a
keyed application is launched from an off-site Macintosh, a message will
simply explain the need for a license server connection and the
application will quit to the Finder.

When active on any AppleTalk network, KeyServer is able to monitor
application use, and to strictly enforce concurrent use licensing
requirements for keyed applications. A client Macintosh automatically logs
on to the network KeyServer at startup time and then applications are
launched as usual. KeyServer can be configured to support requests for a
particular application from all network clients, or support can be
restricted to clients from within the same AppleTalk zone as the server.
If the number of concurrent users of a particular keyed application is
below the licensed maximum, then a key is instantly obtained from
KeyServer and the launch proceeds. In case all keys have been checked out,
KeyServer offers to send notification when a key becomes available. The
user need not pester the KeyServer with repeated requests for the
unavailable application. When another user returns a key, it is reserved
for 5 minutes for the next waiting user, who is notified that the
application can be launched.

Controlled access to application software extends beyond computer
laboratories to include all Macintoshes on an AppleTalk network. In an
academic setting, access to applications from individual faculty and staff
offices can be supported under the same licensing agreement which gives
laboratory (and dorm room) access to students.

Software version control is facilitated by KeyServer's additional messaging
system which is triggered at program launch time. As an example, an
application-specific message can be used to automatically inform a user
that the running software version will not be supported after a certain
date. When the date arrives, any further attempt to launch the program can
be answered by a message explaining where to get an upgrade. This control
and messaging mechanism is also designed to support site-wide trial-use
and instructional-use periods for new programs, and has been used to
deactivate old beta-revision software when a new version is available .

KeyServer Implementation and Requirements

The KeyServer software is interrupt-driven and highly optimized in assembly
language. Network traffic overhead is minimal, and response time is
virtually instantaneous over an AppleTalk network. A system administrator
can install key control into any existing program, or a software vendor
can license the technology and market keyed software directly. The same
server and client software standard supports both locally installed and
vendor installed keys using a secure network Protocol.

Any networked Macintosh can be transformed into a server machine by
starting up with the KeyServer INIT file in the System Folder. A MacPlus
used as the server machine to run KeyServer, will easily support very
large networks and will be able to run standard Macintosh software at the
same time. KeyServer neither depends on nor interferes with other network
services. It can be run on any Macintosh on the network even if the Mac is
simultaneously running as a file server, print server, and mail server.

KeyAccess, KeyServer's partner on each client machine, is a small INIT file
that must be placed in the user's System Folder. Interaction between the
network KeyServer and all keyed applications is handled by KeyAccess,
which allows users concurrent access to keyed applications under
MultiFinder. KeyAccess will transparently support key service on any
Macintosh computer, from the old 512K "fat Mac" to the state-of-the-art
Quadra and it will run under any System software version from 3.2 through
7.0.1 and A/UX.

Design

Transparency to the user and absolute robustness have been the paramount
design goals for the KeyServer system. Network interruptions are tolerated
gracefully; network routers, client machines or the server machine itself
can go down, and if the physical link is re-established within a quarter
of an hour, the server client relationship will heal itself without users
being aware of an interruption . A client can crash while holding the last
key to an application, and then restart and relaunch the application
within 10 minutes - KeyServer will recognize the returning client and
revalidate its old key. Of course, an attempt to launch a keyed program
while the physical link is broken will fail, and a message reporting the
broken link will be presented to the user.

KeyAccess was designed to have no noticeable impact on the user's
environment, and makes no assumptions about the user's hardware and
software configuration. A keyed application can be run from any mounted
volume, whether it is on a remote file server or on a local diskette or
hard disk. The performance of a keyed application is identical to its
unkeyed counterpart.

KeyConfigure Application

Usage limitations for any application can be set by using KeyConfigure,
KeyServer's administration program. KeyConfigure is able to configure and
monitor KeyServer either from the server machine itself, or remotely over
the network - the server machine requires no Finder or MultiFinder visible
software. All administrative control functions, including support for
newly keyed applications, take effect immediately without interruption of
ongoing service. By making minimal and defensive assumptions, KeyConfigure
has been able to successfully install into any Macintosh application. Once
an application is keyed with the KeyConfigure install procedure, it cannot
run without network access to KeyServer.

KeyConfigure also allows an administrator to view the current usage of
KeyServer. A list of the users in contact with KeyServer, followed by any
keyed applications they are using, is available to the system
administrator along with a table of supported applications that displays
current usage counts.

Assurance of Network Service

An optional KeySentry INIT can be run by select network administrators so
that they will receive instant notification of any network interruption
between users and a KeyServer. KeyServer itself may send messages to its
special KeySentry clients to report any necessary status information, such
as the need for some type of log file maintenance.

Log File

KeyServer maintains a date- and time-stamped transaction log file, which
can be configured to report various levels of detail. Summary information
can be dynamically extracted from the active log file using KeyConfigure
either locally or over the network. The log file is simple text, readable
as a tab-delimited data base which can be subjected to complete analysis
using any data base or statistical analysis program.

Testing Grounds

In addition to the standard Macintosh system software releases from 3.2
through 6.0.8, KeyServer has been tested under A/UX 2.0, EtherTalk 2.0,
and System 7.0.1. Hardware environments have ranged from the Mac 512Ke
through the Mac Quadra. It has been extensively tested on a large and
active AppleTalk network which has over 80 zones connecting more than
5,000 Macintosh computers. An application can request a key transparently
across various routers, bridges, low- and high-speed modems, and repeaters
which connect phone lines, twisted pair, coax and fiber links running all
the standard protocols. Throughout the ongoing testing period, no
incompatibility with any application, INIT or particular Macintosh
hardware has been discovered.

For further information contact Sassafras Software at (603) 643-3351 or via
e-mail as Sassafras@dartmouth.edu or via AppleLink as Sassafras.

Sassafras Software
PO Box 150, Hanover, NH 03755
603-643-3351

 ==========================================================
 From the 'New Product Information' Electronic News Service
 ==========================================================
 This information was processed from data provided by the
 above mentioned company. For additional details, contact 
 the company at the address or telephone number indicated.
 ==========================================================
 All submissions for this service should be addressed to:
 BAKER ENTERPRISES,  20 Ferro Dr,  Sewell, NJ 08080  U.S.A.
 Email:  RBakerPC (AOL/Delphi), rbakerpc@aol.com (Internet)
 ==========================================================
