Beruflich Dokumente
Kultur Dokumente
Configuration Guide
Version 2.5
March 2013
Revision: 8700
Table of Contents
Contact Us..............................................................................................................................3
Preface................................................................................................................................... 4
Typographical Conventions....................................................................................................4
Configuration Process............................................................................................................5
Configuration.......................................................................................................................... 6
Authenware Server Access................................................................................................6
Session Handling of the Authentication Process Manager...............................................6
Application Criteria for Authenware................................................................................... 6
Security Aspects................................................................................................................ 7
Signature Quality............................................................................................................... 8
Signature Compression..................................................................................................... 8
Training Criteria................................................................................................................. 9
Handling the Verification Code OTP (One Time Password).........................................10
Alert Handling and Notifications...................................................................................... 13
E-Mail Server and SMS................................................................................................... 16
Directory Service Specifications...................................................................................... 18
Credential Server Specifications..................................................................................... 20
Juniper Radius Integration...............................................................................................20
Database Logs.................................................................................................................21
Device Detection..............................................................................................................21
Default Properties............................................................................................................ 21
APM Server Maintainers..................................................................................................22
Administration Web Service................................................................................................. 23
Configuring the Log Archives in Authenware APM Server...................................................24
Authenware Message Codes...............................................................................................25
For More Information............................................................................................................27
Contact Us
Copyright 2013, AuthenWare Corporation and/or its affiliates. All rights reserved.
This software and related documentation are protected by intellectual property laws
and provided under an End User License Agreement which contains restrictions on
use and disclosure. Except as expressly permitted in your End User License
Agreement or allowed by law, you may not use, reproduce, copy, license, translate,
modify, distribute, broadcast, transmit, publish, perform, exhibit, or display any part,
in any form, by any means. Disassembly, decompilation, or reverse engineering of
this software, unless required by law for interoperability, is prohibited.
Please click here to view the End User License Agreement.
The information contained herein is subject to change without notice and is not
warranted to be error-free. If you find any errors, please report them to us in writing.
This software is developed for multi-factor authentication. It is not developed or
intended to be a fail-safe software authentication application. You shall be
responsible to take all appropriate measures to secure your data and and systems.
AuthenWare Corporation and its affiliates disclaim any liability for any consequential
damages caused by the use of this software application.
This software and documentation may provide information on or access to content,
services, and products from third parties. AuthenWare Corporation and its affiliates
are not responsible for and expressly disclaim all warranties of any kind with
respect to third-party content, services and products. AuthenWare Corporation and
its affiliates will not be responsible for any loss, costs, or damages incurred due to
your access to or use of third-party content, products, or services.
AuthenWare is a registered trademark of AuthenWare Corporation and/or its
affiliates.
If you have any questions or would like to contact us for any reason, feel free to do
so at:
support@authenware.com
Preface
Audience: This manual is intended for users of Authenware Technology.
Overview: This document is meant to serve as a guide to understanding how to
configure the Authentication Process Manager. It is not a user guide, nor does it
provide installation information. If you require information outside the scope of this
document, please refer to the Related Documents section below to find a manual
that better meets your needs.
Related Documents:
A_pxy_01_Authenware Authentication Process Manager Installation
A_pxy_02_Authenware Authentication Process Manager SSL Implementation
Guide
A_pxy_03_Authenware Authentication Process Manager User Guide
A_pxy_04_Authenware Authentication Process Manager Web Service Specification
Summary: This document is organized in three main sections. The first section
indicates where to find the APM configuration files and how they are set up. The
second section outlines every aspect of the APM and how to configure it. The third
section provides a listing of all possible error codes and what they mean. Also
included is extra information regarding the web service and log archives.
Typographical Conventions
This document uses the following typographical conventions:
Type of Font
Used For:
Example
Consolas, 12 point,
bold, gray
File names
Directory names
authenware-apmparameters.xml
AdminEmail
/com/authenware/apm/
Example code
value=false
Configuration Process
The configuration file for the Authenware Authentication Process Manager (APM) is:
authenware-apm-parameters.xml.
And is located at where was defined in the installation process, usually:
JBOSS_PATH/modules/com/authenware/apm/settings/main
Each parameter in this file has the following syntax:
<!-- Number of failures allowed before request verification code
-->
<bean id="NumberOfFailuresAllowed" scope="prototype"
class="java.lang.Integer" >
<constructor-arg index="0" type="java.lang.String"
value="3"/>
</bean>
Only the value of each parameter needs to be modified. For example, if you want to
allow 5 failed attempts, simply set value=5.
WARNING: Do not try to modify the parameter id or data type. Any modification of
Note: Changes to parameters' values will take effect only after restarting the APM
Configuration
What follows is a description of every aspect of the APM, and instructions on how to
modify the parameters.
AuthenwareGroups.
If youd like to validate all users with Authenware, you should set this value to false.
value=false
AuthenwareGroups
This value indicates which groups will be verified by the APM. If a user logs in to an
application and belongs to a group listed in this parameter, it will be verified with
Authenware. This only happens when the attribute CheckGroup is configured as
true.
The list of groups should be separated by commas. For example:
value=AuthenwareOperative,AuthenwareParanoid
Security Aspects
ErrorActionType
This value indicates the action that the APM tells the client to take when an error
occurs. The errors can be caused by configuration error, error in the parameters
received, validation error, or errors from the Authenware Server.
The possible options are:
loginUser: Access granted; the user may login into the application.
denyAccess: User access is denied.
If you would like to harden your security, you can deny the user access in the case
of any kind of error with:
value=denyAccess
NumberOfFailuresAllowed
This value indicates how many times a user can fail in the login process before the
system requests the verification code.
If you would like to allow five failed attempts before requesting the verification code,
you should use:
value=5
Signature Quality
CheckBadQPR
This value indicates if the APM will verify the value of QPR (Quality of Personal
Record) to alert the user or administrator that the value is below the established
value.
If you would like to alert users and administrators to a low value, you should use:
value=true
BadQPRLimit
This value indicates the lowest value of an acceptable QPR; any QPR below this
value will be considered bad quality. If the CheckBadQPR was configured as true,
the server will start generating the corresponding messages.
If you would like to determine that 75% percent of QPR is a bad quality of signature,
you should use:
value=75
Signature Compression
DecompressSignature
This value indicates if the APM will decompress the signatures received. The
signature can be compressed or decompressed, depending on the Signature
Builder that was used in the client to generate it.
If the signature is compressed, you should use:
value=true
Training Criteria
RequestTrainingActionType
This value indicates which training type the APM will request the user to choose.
The possible options are:
requestTraining: Will let the user select progressive or quick training.
requestProgressiveTraining: The user can only train with progressive training.
requestQuickTraining: The user will train his pattern with the quick training, but he
will be able to enter the system even if the training has not been finished.
requestForceQuickTraining: The user will train his pattern with the quick training,
and he will not be able to enter the system unless the training has finished.
If you want to make sure that the user may enter the system only once his training
is complete, you should use:
value=requestForceQuickTraining
TrainingGroupsActionTypes
This value indicates which training process the APM will request of the user groups.
The possible options are:
requestTraining: The user can choose between progressive or quick training
requestProgressiveTraining: Forces the progressive training mode
requestQuickTraining: Forces the quick training mode
requestForceQuickTraining: Forces the quick training mode, and the user will not
be able to enter the system unless the training has finished.
For example:
<map>
<entry key="progressiveTrainingGroup"
value="requestProgressiveTraining"/>
<entry key="quickTrainingGroup"
value="requestQuickTraining"/>
</map>
MinimumTrainingFrequency
This parameter is for internal use only, and should not be changed. The value
indicates the minimum frequency of training, expressed in days. This is checked in
the pre-validate user service.
With the value set to 0 (default), the parameter is disabled.
PatternSetSize
This value indicates how many times a user must log in to the system to complete
his biometric pattern.
We generally request that a user log into the system 10 times; accordingly, we
would use:
value=10
OtpValidTime
This value indicates for how long the verification code (OTP) will be valid; after that
time the OTP will be invalid. This value is in milliseconds.
If you would like the verification code (OTP) to be valid for 30 minutes, you should
use:
value=1800000
10
SendOTPBy
This list indicates what kind of communication channel will be used to deliver the
verification code (OTP).
The possible options are:
SmsChannel: The verification code (OTP) will be delivered by SMS text message.
To deliver the message with SMS, the APM must receive a property object called
userCellPhone with the users telephone number.
EmailChannel: The verification code (OTP) will be delivered by e-mail. To deliver
the message with e-mail, the APM must receive a property object called userEmail
with the users e-mail address.
If you would like to use e-mail and SMS to send the verification code (OTP), you
should use:
<ref bean="SmsChannel"/>
<ref bean="EmailChannel"/>
SplitOtp
This value Indicates if the verification code (OTP) should be split. Each part will be sent to
one of the recipients defined in the properties userEmail and userCellPhone.
For example :
value=false
IncludeOtpInServiceResponse
This value indicates if the OTP must be included in the validateUser service
response.
For example:
value=false
11
SendOtpToAdministrator
This value indicates if the OTP must be sent by e-mail to the e-mail address defined
in the AdminEmail parameter.
For example:
value=true
UseOtpForNewUsers
This value establishes whether or not the system will send the OTP when a new
user is created.
For example:
value=true
UseOtpForTraining
This value establishes whether or not the system will send the OTP when a user is
training a pattern.
For example:
value=true
UseOtpForExceededNumberAttemptsAllowed
This value establishes whether or not the system will send the OTP when a user
exceeds the number of attempts allowed as defined in the
NumberOfFailuresAllowed parameter.
For example:
value=true
TrainingGroupsUseOtpForNewUsers
This value establishes, for each trainingGroup, whether or not the system will send
the OTP when a new user is created.
12
For example:
<map>
<entry key="progressiveTrainingGroup"
value="false"/>
<entry key="quickTrainingGroup" value="true"/>
</map>
TrainingGroupsUseOtpForTraining
This value establishes, for each trainingGroup, whether or not the system will send
the OTP when a user is training a pattern.
For example:
<map>
<entry key="progressiveTrainingGroup"
value="false"/>
<entry key="quickTrainingGroup" value="true"/>
</map>
AdminLocal
This value indicates the local settings for the Administrator.
The possible options are:
en: English
es: Spanish
fr: French
13
For example:
value=en
AdminAlertCodes
This value indicates which one of the available alert codes will be delivered to the
administrator when something happens on the APM. A complete list of error codes
is provided later in this document.
The possible options are:
Cod1, Cod2, , Cod n: The APM will send only the selected alert messages.
INFO: The APM will send alert messages that are INFO, WARNINGS and
ERRORS.
WARNING: The APM will send alert messages that are WARNINGS and
ERRORS.
ERROR: The APM will send only alert messages that are ERRORS.
: Will not send any kind of alert messages.
If you would like the administrator to receive only alert messages regarding errors,
you should use:
value=ERROR
UserAlertCodes
This value indicates which one of the available alert codes will be delivered to the
user when something happens on the APM. A complete list of error codes is
provided later in this document.
The possible options are:
Cod1, Cod2, , Cod n: The APM will send only the selected alert messages.
INFO: The APM will send alert messages that are INFO, WARNINGS and
ERRORS.
WARNING: The APM will send alert messages that are WARNINGS and
ERRORS.
ERROR: The APM will send only alert messages that are ERRORS.
: Will not send any kind of alert messages.
If you would like the user to receive only alert messages regarding warnings, we
should use:
14
value=WARNING
EmailTemplatesMap
This value indicates the filenames of the templates for the APM when it sends alerts
through e-mails.
These templates are stored in:
JBOSS_PATH/modules/com/authenware/apm/settings/main /
Each language is stored in a separate directory:
/en (English)
/es (Spanish)
/fr (French)
The default filename for the templates are:
For "error, value="ERRORNotification.html"
For "warning", value="WARNINGNotification.html"
For "info", value="INFONotification.html"
For "otp", value="OTPNotification.html"
For "splitotp", value="SPLITOTPNotification.html"
SmsTemplatesMap
This value indicates the filename of the template for the APM when it sends text
message (SMS) alerts.
This template is stored in:
JBOSS_PATH/modules/com/authenware/apm/settings/main/
Each language is stored in a separate directory:
/en (English)
/es (Spanish)
/fr (French)
The default filename for template is:
For "otp", value=OTPSMS.txt
15
MailPort
This value indicates the port to be used by the e-mail server.
For example:
value=25
MailProtocol
This value indicates the e-mail server protocol.
For example:
value=smtp
MailProperties
This value indicates the properties that will be used by the SMTP server.
For example:
<props>
<prop
<prop
<prop
<prop
<prop
</props>
key="mail.smtp.auth">true</prop>
key="mail.smtp.connectiontimeout">5000</prop>
key="mail.smtp.sendpartial">true</prop>
key="mail.smtp.userset">true</prop>
key="mail.smtp.localhost">yourdomain.com</prop>
16
MailUser
This value indicates the e-mail account to identify the user on the e-mail server.
This value should be a valid account on the e-mail server.
For example:
value="user@yourdomain.com "
MailPassword
This value indicates the password for the MailUser e-mail account.
For example:
value=UsErPaSSwOrd
MailFromUser
This value indicates the e-mail account from which alerts will be sent. This account
should be a valid account on the e-mail server.
For example:
value=relay@yourdomain.com
MailFromName
This value indicates the name from which alerts will be sent.
For example:
value=Authenware APM Server
Note: The parameters MailFromUser and MailFromName are used in the following
format: Authenware APM Server <relay@yourdomain.com>
17
SmsDomain
This value indicates the domain name that should be added to a cell phone number
before sending the SMS through an e-mail.
An example of a cell phone number in Argentina is 0261 157483922. With Movistar,
to send an SMS we have to remove 0 and 15. The domain for Movistars cell
phones is @sms.movistar.net.ar, so the address will be
2617483922@sms.movistar.net.ar . In this case, the value should be:
value=sms.movistar.net.ar
LdapAuthentication
This value indicates the authentication string. The format depends on the
authentication scheme.
For example:
value="${user}@testdomain.loc"
value="cn=${user},cn=Users,dc=testdomain,dc=loc"
Note: The Authenware APM server will replace ${user} with the appropriate user.
LdapHost
This value indicates where the LDAP is hosted.
18
For example:
value="ldap://ldapserverhost"
LdapSearchBase
This value indicates the LDAP Search Base.
For example:
value="dc=testdomain,dc=loc"
UseLdapAdminUser
This value determines if the directory services will authenticate the Authenware
APM Server using an LDAP Admin user.
For example:
value="false"
LdapAdminUser
This value indicates the LDAP Admin Username, which will be used if the
parameter UseLdapAdminUser is true.
For example:
value="ldapadminuser"
LdapAdminPassword
This value indicates the LDAP Admin User Password, which will be used if the
parameter UseLdapAdminUser is true.
For example:
value="ldapadminpassword"
19
GetCredentialServerTimeUsingSntp
This value determines if the APM will get the time of day from Credential Server
using SNTP.
For example:
value="false"
CredentialServerSntpIp
This value indicates the Credential Server SNTP Host.
For example:
value="ldapserverhost"
CredentialServerSntpPort
This value indicates the Credential Server SNTP Port.
For example:
value="123"
Note: Changes to the Radius' parameter values will not take effect if you are not
using the Juniper Instant Virtual Extranet Integration. For more information see
A_int_03_Juniper-Authenware APM Configuration
Database Logs
20
SaveEntryLog
This value determines whether or not the APM will log the user's entries.
For example:
value="true"
Device Detection
DeviceDetection
This value determines if the APM will detect the device being used and recognize its
category.
For example:
value="false"
Default Properties
DefaultProperties
This series of values specifies the default value for the properties array.
For example:
<map>
<entry
<entry
<entry
<entry
<entry
<entry
<entry
<entry
<entry
<entry
<entry
<entry
<entry
key="ip" value=""/>
key="isp" value=""/>
key="securityLevel" value=""/>
key="userGroup" value=""/>
key="userEmail" value=""/>
key="userCellPhone" value=""/>
key="credentialContainerDate" value=""/>
key="credentialLastSet" value=""/>
key="userPassword" value=""/>
key="userTrainingGroup" value=""/>
key="compressedSignature" value=""/>
key="deviceCategory" value=""/>
key="device" value=""/>
21
OTPMaintainerMaxDeletes
This value indicates the maximum number of OTPs deleted in the maintainer
process.
For example:
value="1000"
SessionMaintainerPeriod
This value determines the length of time for which the APM sessions maintainer
process will be run, expressed in milliseconds.
For example:
value="10000"
SessionMaintainerMaxDeletes
This value indicates the maximum number of APM sessions deleted in the
maintainer process.
For example:
value="1000"
22
warning.)
23
The possible values for log level are: TRACE, DEBUG, INFO, WARNING, or ERROR.
TRACE is the most verbose and ERROR the least verbose option. TRACE includes
all other log levels and so on.
<!-- A time/date based rolling appender -->
<appender name="FILE-AUTHENWARE-APM"
class="org.apache.log4j.RollingFileAppender">
<param name="File" value="/etc/authenware/apm/authenwareapm.log"/>
<param name="Append" value="true"/>
<layout class="org.apache.log4j.PatternLayout">
<!-- The default pattern: Date Priority [Category]
Message\n -->
<param name="ConversionPattern" value="%d %-5p [%c{1}]
%m%n"/>
</layout>
</appender>
<category name="com.authenware.authentest.proxy">
<priority value="TRACE"/>
<appender-ref ref="FILE-AUTHENWARE-APM"/>
</category>
TYPE
ERROR
MESSAGE
Error while parsing object AuthenwareSignature.
The user doesn't have enough logins to be able to deliver a certain
WARNING
response. The trust identity rate should not be considered.
INFO
User needs <number> more logins to complete the pattern.
24
Error while parsing the dates in the pattern validity process. The
correct format is yyyy-mm-dd hh:mm:ss.
The data capture is not consistent, the keyup and keydown events
don't match.
The number of captured events doesn't match with the pattern.
Error while getting the biometric pattern.
There was an error while inserting the login record in the
LoginDAO class.
The user <user> of the organization <organization> is not
registered in Authenware.
The user <user> couldnt be created on the database.
Parameter error; <parameter> doesn't have a value.
Parameter error; parameters container not found.
The application <application> doesnt exist in the Authenware
database.
The field <field> of the application <application> doesnt exist in
the Authenware database.
The data captured is not consistent, the number of keys do not
match.
The user name can not be empty.
The user name can not be blank.
The organization code can not be 0.
One of the fields doesnt have any captured events.
Error checking user: <error>.
The application <application> couldnt be created.
The application <application> couldnt be created, the identifier or
name is duplicated.
1003
ERROR
4001
ERROR
4002
4003
ERROR
ERROR
4004
ERROR
4005
ERROR
4006
4007
4008
ERROR
ERROR
ERROR
4009
ERROR
4010
ERROR
4012
ERROR
4013
4014
4015
4016
4023
4030
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
4031
ERROR
4032
ERROR
4033
ERROR
4034
ERROR
4035
ERROR
4036
ERROR
4040
ERROR
4041
ERROR
4042
4043
4045
4060
ERROR
ERROR
ERROR
ERROR
4061
ERROR
4084
4500
ERROR
ERROR
25
4710
5000
6001
6002
8000
8001
8002
8003
ERROR
ERROR
WARNING
ERROR
ERROR
ERROR
ERROR
ERROR
8004
ERROR
8005
9010
9020
ERROR
ERROR
ERROR
9022
ERROR
100
ERROR
MESSAGE
The user will be controlled by Authenware Server.
The user does not exist in Authenware Server.
The user was successfully created in Authenware Server.
The user will not be controlled by Authenware Server.
The user should train again because his credentials were modified.
The verification code is incorrect.
The number of signatures is incorrect.
Error while accessing the Authenware Server service.
Error initializing the Authenware APM Server. Please check the
10009 ERROR
parameter file, database connection and Core connection.
10010 ERROR Error while creating the user.
10011
ERROR Error while validating the signature.
10012 ERROR Error while resetting the pattern.
10013 ERROR Error while verifying if the pattern is ready.
10014 ERROR Error while creating a new pattern.
The user could login, but his QPR is lower than the established
10015 WARNING
limit.
10016 WARNING User exceeded the number of attempts allowed.
10017 ERROR Error while checking validity of user credentials.
10018 ERROR The Authenware Server URL is incorrect.
10019 ERROR Error in connecting with Authenware Server.
10020 ERROR Error while refreshing the parameters.
10021
INFO
The verification code (One Time Password) was sent to the user.
10022 ERROR Error while saving the workstation log
26
10023
10024
10025
10026
10027
10028
10029
10030
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
10031
ERROR
10032
10033
10034
10035
10036
10037
10038
10039
10040
10041
10099
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
27
Licensor during the course of this Agreement or any Statement of Work thereunder: Software specifications,
operating instructions, pricing terms, training materials, user documentation, custom code, integrations,
system requirements, user interface code or templates, software specifications, software, and drafts of the
foregoing (the Other Licensor Materials), (c) all trade secrets, patents, trade marks, service marks,
copyrights, trade dress, inventions, know how, applications to register any of the foregoing and other
proprietary rights (Intellectual Property Rights) in the foregoing, and (d) any modifications or derivative
works thereof and any copies of the foregoing. All suggestions, solutions, improvements, corrections, and
other contributions provided by Licensee regarding the Software or the Other Licensor Materials shall become
the property of Licensor (or its licensors) and Licensee hereby agrees to assign any such rights to Licensor.
3.
Copies. Licensee agrees not to make any copies of the Software, except that it may make one copy
of the Software for backup and archive purposes. Licensee shall keep and maintain complete and accurate
records of each copy made of the Software and provide such records to Licensor upon request.
4.
Restrictions. Licensee will not: (a) except as explicitly allowed under this Agreement, copy, edit,
modify, adapt, translate, port, reproduce (except as necessary for installation), distribute, transfer, lend, sell,
sub-license, assign or otherwise transfer any of the Software, any component thereof, or any output generated
by the Software; (b) prepare any derivative work based upon the Software or any component thereof; (c)
reverse engineer, disassemble or decompile the Software or any component thereof, or attempt to discover or
disclose the source code of the Software or any component thereof; (d) encumber, time-share, rent or lease the
rights granted by Licensor under this Agreement; (e) remove, obscure, or alter any notice of Licensors (or its
licensors) intellectual property rights present on or in the Software or any component thereof; (f) use the
Software or any component thereof for any purpose not authorized or contemplated under this Agreement or
in violation of any express prohibition set forth elsewhere in this Agreement, including the exhibits hereto or
policies reference herein; or (g) authorize or permit any person or entity to do any of the foregoing; or (h) use,
or permit an Licensee to use, the Software sub-licensed for a particular Licensee for the benefit of any party
other than such Licensee or for any process other than for the specific process was sub-licensed.
5.
Confidentiality
5.1
Definition. For purposes of this Agreement, the following information shall be considered
Confidential Information: any and all (i) technical and non-technical information including but not limited
to patent, trade secret and proprietary information, techniques, sketches, drawings, models, inventions, knowhow, processes, apparatus, equipment, computer code and algorithms related to either party, and (ii)
information relating to marketing plans, business opportunities, personnel, research, development or knowhow. The Software and Other Licensor Materials shall be considered the Confidential Information of
Licensor.
5.2
Treatment of Confidential Information. Each party (the Receiving Party) agrees (i) to use
commercially reasonable efforts to protect the Confidential Information of the disclosing party (the
Disclosing Party) and (ii) that it will not and will ensure that its employees, will not use, disseminate or in
any way disclose any Confidential Information of the Disclosing Party to any person, firm or business, except
as specifically authorized in this Agreement or for any purpose the Disclosing Party may hereafter authorize in
writing. The Receiving Party agrees to disclose the Confidential Information of the Disclosing Party only to
those employees who have a need to know.
5.3
Exceptions. The restrictions set forth in this Section 5 will not apply to any information that the
Receiving Party can demonstrate: (a) was known by the Receiving Party without an obligation of
confidentiality, prior to disclosure by the Disclosing Party; (b) was in or entered the public domain through no
fault of the Receiving Party; (c) is disclosed to the Receiving Party without an obligation of confidentiality; or
(d) is independently developed by the Receiving Party without reference to any Confidential Information of
the Disclosing Party. A party shall not be in violation of this Section 5 if it discloses Confidential Information
demanded by a lawful order from any court or any body empowered to issue such an order, provided that the
Receiving Party notifies the Disclosing Party promptly of the receipt of any such order, provides the
Disclosing Party with a copy of such order, and, if requested by the Disclosing Party, uses good faith efforts to
limit or obtain confidential treatment with respect to information disclosed pursuant to such order.
5.4
No Conveyance of Ownership. Nothing in this Agreement shall be construed to convey any title or
ownership rights to the Confidential Information of the Disclosing Party or to any Intellectual Property Rights
therein or grant any other right, title, or ownership interest to the Disclosing Party Confidential Information
except as may be provided by this Agreement.
28
6.
Limited Warranty.
6.1
Performance. Licensor warrants that the Software, standing alone without use in combination or
conjunction with any third party software or apparatus, will perform substantially in accordance with the
applicable specifications included in the Other Licensor Materials for a period of thirty (30) days following
delivery. This warranty shall be rendered null and void if the failure of the Software has resulted from an
accident, abuse, or misapplication caused by Licensee. Licensors entire liability and Licensees exclusive
remedy under this warranty is to repair or replace the Software which does not meet the warranties contained
in this Section 6. Any replacement of the Software shall be warranted for the remainder of the original
warranty period. Licensors warranty obligations shall not apply: (a) if the Software has not been installed in
accordance with the installation instructions provided by Licensor; or (b) if the Licensees computing
environment does not meet the minimum system requirements then specified by Licensor for the Software at
the time the Software was ordered.
6.2
Limitation of Liability.
LICENSOR (AND ITS LICENSORS) SHALL NOT BE LIABLE TO LICENSEE FOR DAMAGES FOR ANY CAUSE
RELATED TO OR ARISING OUT OF THIS AGREEMENT, WHETHER IN CONTRACT, NEGLIGENCE OR TORT, IN AN
AMOUNT THAT EXCEEDS THE TOTAL PORTION OF THE LICENSE FEES PAID BY LICENSEE TO LICENSOR
DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRIOR TO THE EVENT WHICH GAVE RISE TO SUCH
DAMAGES HEREUNDER. LICENSOR (AND ITS LICENSORS) SHALL NOT BE LIABLE TO LICENSEE UNDER ANY
LEGAL THEORY, WHETHER IN AN ACTION BASED ON A CONTRACT, TORT (INCLUDING NEGLIGENCE AND
STRICT LIABILITY) OR ANY OTHER LEGAL THEORY, HOWEVER ARISING, FOR ANY INCIDENTAL, SPECIAL,
EXEMPLARY OR CONSEQUENTIAL DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES RESULTING FROM
LOST PROFITS, INTERRUPTION OF BUSINESS, LOSS OF DATA OR PROGRAMS, LOSS OF USE OF COMPUTER
HARDWARE, OR LOSS OF GOODWILL, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
8
Early Termination. A party may terminate this Agreement: (a) by giving notice to the other party if
the other party materially breaches the Agreement (which shall include, without limitation, failure by Licensee
to make timely payments hereunder) and fails to cure such breach within 30 days of written notice thereof; or
(b) if the other party ceases to conduct business, becomes or is declared insolvent or bankrupt, is the subject
of any proceeding relating to its liquidation or insolvency which is not dismissed or stayed within ninety (90)
days or makes a general assignment for the benefit of its creditors.
9
Effects of Termination. Upon termination of this Agreement: (a) Licensees right to use the
Software shall automatically terminate; and (b) both parties will return or destroy the originals and all full or
partial copies of the Confidential Information of the other party (including any Software in Licensees
possession) and any other materials furnished hereunder within ten (10) days and, at the request of the other
party, shall certify in writing that all such materials have been returned or destroyed.
10.
General Provisions.
10.1
Export. Licensee shall comply with all then current Export Laws and Regulations of the United
States Government pertaining to the Software. Licensee hereby certifies that it will not directly or indirectly,
export, re-export, or transship the Software or related information, media, or products in violation of United
States laws, rules, and regulations.
10.2
Attorneys Fees. In addition to any other relief awarded, the prevailing party in any action arising
out of this Agreement will be entitled to its reasonable attorneys fees and costs.
10.3
Entire Agreement; Amendments. This Agreement, including any all Exhibits attached hereto and
agreements, policies and programs reference herein, constitutes the entire agreement between the parties with
respect to the subject matter contained herein and supersedes all prior proposals, agreements, negotiations,
correspondence, understandings, and other communications, whether written or oral, between Licensor and
29
Licensee. There are no promises, covenants or undertakings other than those expressly set forth herein. This
Agreement may not be modified except in writing signed by authorized representatives of Licensor and
Licensee. The parties agree that facsimile signatures of authorized representatives of the parties on this
Agreement will be binding.
10.4
Injunctive Relief. The parties agree that money damages will be inadequate in the event of a breach
of Section 3, 4 and 5 of this Agreement and that the non-breaching party shall be entitled to injunctive relief in
the event of such a breach without the necessity of posting a bond.
10.5
Discontinuation of Software or Support Services. Licensor reserves the right to discontinue supply
of any or all Software or to discontinue renewing the Support Services in the event Licensor (or its licensors)
generally discontinues active distribution of any or all of the Software or active provision of the Support
Services.
10.6
Force Majeure. Neither party shall be in default for, or held responsible for damages caused by
delay or failure to perform in full or in part its obligations under this Agreement (other than payment
obligations) where such delay or failure is due to circumstances, such as fires, strikes, acts of God or acts of
terrorism, which are beyond the control of the party.
10.7
Choice of Law and Forum. This Agreement shall be governed by, and construed in accordance
with, the laws of the State of Florida without reference to conflicts of laws rules, which would require
application of another substantive law. The United Nations Convention on Contracts for the International Sale
of Goods is specifically excluded from application to this Agreement. All disputes arising out of or relating to
this Agreement may only be brought in the state or federal courts located in Florida, and the parties hereby
agree and submit to the personal and exclusive jurisdiction and venue of these courts.
10.8
Third Party Beneficiary. Licensee agrees that Licensors licensors are intended to be third party
beneficiaries of this Agreement. Such licensors may bring direct action against Licensee for the breach of the
terms hereof that relate to the software or other materials provided by such licensors.
10.9
Verification. Licensee agrees that Licensor (or its licensors) may, upon five (5) business days prior
written notice, enter Licensees premises to verify Licensees compliance with the provisions of this
Agreement. Licensors inspections shall: (i) be limited to one annual inspection (unless Licensor believes that
it has just cause for multiple inspections); (ii) take place during Licensees normal business hours; and (iii)
involve inspection of only those records pertaining to the Licensor Software including copy locations. If
Licensee is found not to be in substantial compliance with this Agreement, Licensee shall pay the reasonable
expenses associated with such inspection. Licensors rights of inspection shall remain in effect through the
period ending one year from the termination or expiration of this Agreement.
10.10
Third Party Programs. Third Party components of the Authenware solution are subject to their own
license terms. These third party software programs are components only and cannot be used directly by the
Licensee. WARNING: Do not upgrade or reconfigure any software components. Any changes to the delivered
configuration could result in serious consequences to the performance of the software.
10.11
Trademarks. Trademark 2010 Authenware Corporation, INC. All rights reserved. Authenware
logo is a registered trademark of Authenware Corporation, Inc. All other trademarks are the property of their
respective owners.
10.12
YOU MUST READ THIS ENTIRE AUTHENWARE END USER SOFTWARE LICENSE AGREEMENT
("LICENSE AGREEMENT") CAREFULLY BEFORE ACCEPTING OR INSTALLING THIS APPLICATION.
IF YOU DO NOT AGREE TO THE TERMS OF THIS LICENSE AGREEMENT, YOU AGREE NOT TO
INSTALL. BY CLICKING "I ACCEPT" OR BY INSTALLING YOU AGREE TO BECOME A PARTY TO, AND
30
BE BOUND BY, THE TERMS OF THIS LICENSE AGREEMENT AND THIS LICENSE IS ENTERED INTO
BETWEEN AUTHENWARE CORPORATION AND THE ORGANIZATION EXECUTING THIS LICENSE
AGREEMENT ("YOU" AND "YOUR").
31