File:          README.TXT
Product:       Secure Entry Client
Manufacturer:  NCP engineering GmbH Nuremberg, Germany

Product Description, Installation and Licensing
===============================================================================

Universal IPSec Client

The IPSec client can be used in any VPN environment. The client communicates on 
the basis of the IPsec standard with the gateways provided by a wide variety of 
vendors* and is the alternative to the uniform IPsec client technology offered 
on the market. The client software emulates an ethernet LAN adapter. The client 
has additional features that introduce the user into a holistic remote access 
VPN solution.

The IPSec client offers:
- Support of all major operating systems
- Dial-in over all transmission networks
- Compatibility with VPN gateways from a wide variety of vendors*
- Integrated personal firewall for more security
- Dialer protection (no misuse by third parties)
- Higher speed in the ISDN (channel-bundling)
- Saving telephone charges (charges and connection management)
- Convenient operation (graphic interface)
- Central management**
*) Compatibility list available on the NCP website www.ncp-e.com
**) optional

Performance range

The IPSec client supports all major 32/64 bits operating systems (Windows 2000, 
XP, Vista). Connecting to the corporate network is media-type independent, e.g. 
in addition to ISDN, PSTN analog telephone network, GSM, GPRS, and xDSL, LAN 
technologies such as WLAN (on the corporate campus and hotspots) or local area 
networks (branch office network) are also supported. A possible scenario: an 
employee must access the corporate network from various locations with one and 
the same end device:
- in the branch office via WLAN
- in the corporate headquarters via LAN
- on the road at hotspots and at customer sites via WLAN or GPRS
- in the home office via xDSL, cable, or ISDN


Notes for Installation
===============================================================================

A Setup program performs the installation of the Client Software quickly and 
smoothly. The installation procedures for all versions of NCP Client Software 
are the same. The following text describes the procedures for installing the 
Client Software under Windows 2000/XP and Vista.

Prior to executing setup be sure that the following prerequisites are fulfilled.

Starting with version 8.31 the Client will be installed in the program directory 
of the operating system (programs\NCP\SecureClient) for a new installation.

Old path: %Windows%\ncple 
New path: %Programs%\NCP\SecureClient

For an update in addition the path is used that was entered for the last 
installation.


Uninstall
---------

If you uninstalled the client, then you have the option to keep the 
configuration and profile settings in the client directory. If at a later date, 
a newer client version is installed in the same directory, then all personal 
data can be used again. If you want to delete the personal data in the client 
then you will have to confirm this specifically. In such a case all data and 
directories of the client are removed irretrievably.


Registry repair (RegRep)
------------------------

The setup program checks the registry entries for each new installation of the 
client, i.e. even when an older version was uninstalled. If problematic entries 
are found then they will be adjusted. The setup programme will generate a 
message to request a restart of the PC.



Prerequisites for Installation
-------------------------------------------------------------------------------

System Requirements:
In order to be able to communicate with the Client Software it is essential to 
have either Microsoft Windows 2000, Windows XP or Windows Vista installed on 
your PC (min. 128 MB RAM). During the installation you are asked to have your or 
disks ready, as these will be needed for updating your PC's driver database 
files. Please insert these when prompted to do so.

Remote Destination:
In order to communicate with the remote destination it must support one of the 
following media types: ISDN, PSTN (analog modem), GSM, GPRS/UMTS, LAN over IP, 
WLAN or PPP over Ethernet (PPPoE).

Local System:
One of the following communication devices must be properly installed

* ISDN adapter (ISDN)
The device (e.g. adapter internal or external) must support the ISDN CAPI 2.0 
standard. When using PPP Multilink the software can bundle up to 8 ISDN B-
Channels. Any ISDN device supporting the ISDN CAPI 2.0 can be used. Please check 
your device to be sure that such a driver is available. The Client Software does 
not support TAPI based ISDN devices. 

* Analog Modem (Modem)
The Client Software can communicate with any industry standard analogue PC 
Modem, provided that it and the modem drivers have been properly installed and 
the Modem Init. String and the COM-Port definition for the modem is correct. The 
modem has to support Hayes AT commands.
Mobile telephones can also be used for data communication, after the associated 
software has been installed that presents itself to the client precisely as if 
it were an analog modem. The serial interface, IR (infrared) interface, or 
Bluetooth can be used as interface between mobile phone and PC. The opposite 
side must have the appropriate dial-in platform depending on the transfer rate 
(GSM, v.110, GPRS or HSCSD). The initialization string in the Secure Client 
modem configuration must be obtained from the ISP or the manufacturer of the 
mobile phone.

* LAN adapter (LAN over IP)
When the Link Type LAN has been defined the Client Software may be used as a VPN 
Client in a LAN that communicates across a LAN Network and associated Router to 
a central site VPN Gateway. When defined as a LAN Client, the Client Software 
can also be used as a VPN or VPN/PKI Plug-in for Microsoft's RAS (Dial-Up 
Network) client.
Adapters for a wireless LAN (WLAN adapter) are handled exactly like normal LAN 
adapters.

* Broadband Device (xDSL (PPPoE))
Cable Modems, Splitters (e.g. for ADSL), etc. can be used in conjunction with 
PPP over Ethernet (PPPoE), which is supported by the Client Software. This may 
be useful for xDSL or other broadband services that employ time based charges. 

* xDSL (AVM - PPP over CAPI)
The link type "xDSL (AVM - PPP over CAPI)" has been added in the "Basic 
Settings" configuration field in the telephone book. If an AVM Fritz DSL card is 
to be used then this link type may be selected . AVM specific init strings may 
be entered in the field "Destination Phone Number" ("Dial-Up Network" group) for 
the connection. It is recommended to use the standard setting "xDSL (PPPoE)" 
with Windows operating systems as this provides direct communication over the 
network interfaces. No additional network card is necessary with the AVM Fritz! 
DSL card.

* Multifunction card (GRPS / UMTS / HSDPA / HSUPA)
If you are using a multi-function card, special features of the mobile computing 
can be used depending on the card characteristics. Due to the direct support of 
the multi-function card for UMTS/GPRS/WLAN through the Secure Client, 
installation of management software from the card implemented, is not necessary.
For currently supported multi-function cards see:
http://www.ncp-e.com/en/service-support/compatiblity/mobile-connect-cards.html

* WLAN adapter (WLAN)
The WLAN adapter can be operated with the link type "WLAN". In the monitor menu 
the special "WLAN settings" menu item is displayed where the access data for the 
wireless network can be saved in a profile. If this "WLAN configuration" is 
activated, then the management tool of the WLAN card, or the Microsoft tool must 
be deactivated. (Alternatively the management tool of the WLAN card or the 
Microsoft tool can be used as well.)
If the link type WLAN is set for the destination system in the phonebook, then 
under the graphic field of the Client Monitor an additional area is shown where 
the field strength and the WLAN network are displayed.
Please note for configuring the WLAN settings the description Mobile Computing.

* Automatic Media Detection
If various link types could be used, the client detects automatically which link 
type actally can be used und selects the fastest one.
On the basis of a pre-configured destination system, those link types that are 
currently available for the Client PC are detected and implemented, and if 
multiple alternative transmission paths are available, the fastest will be 
selected automatically. The link type priority is specified in the following 
sequence in a search routine: 1. LAN, 2. WLAN, 3. DSL,  4. UMTS/GPRS, 5. ISDN, 
6. MODEM.
The configuration is executed in the phonebook with the link type "Automatic 
media detection" under "Destination system". If desired, all destination systems 
for the VPN gateway that are pre-configured for this Client PC can be assigned 
to this automatic media detection. This renders manual selection of a medium 
(WLAN, UMTS, LAN, DSL, ISDN, MODEM) from the phonebook entries superfluous. 
Input data for the connection to the ISP are transferred from the available 
phonebook entries in a manner that is transparent for the user. 


Prerequisites for using Certificates
--------------------------------------------------------------------------------

Supported interfaces and formats

The secure client can be used in public key infrastructures as of X.509. V.3 
standard and supports the following interfaces/formats:
- Smartcards, USB-Tokens: PKCS#11, TCOS 1.2 and 2.0, CSP
- Soft Certificates: PKCS#12-file
- PC/SC conform chip card reader: The client software supports all chip card 
readers which conform with PC/SC. The chip card readers are included in a list 
of the client once the reader is connected and the corresponding driver software 
has been installed.
- Automatic recognition of connected PC/SC readers: If the use of a PC/SC chip 
card reader is configured on the client for the PKI environment, the client 
recognizes and automatically uses the connected one.
This feature can only be used in connection with smartcards which can be 
addressed directly without interface software such as NetKey chip cards 
(Telesec).
- PKCS#11 module: Drivers in form of a PKCS#11 library (DLL) are supplied with 
the software for smartcards or tokens. This driver software has to be installed 
initially. Then the relevant PKSC#11 module can be selected via an assistant.

CA Certificates

The administrator of the company network determines which certificate issuers 
can be trusted. This happens by applying the CA certificate of his choice into 
the installation directory under <CACERTS>. The application can happen 
automatically during software distribution if the issuer certificates are 
located in the directory <DISK1> during software installation from a data 
carrier. 
Retrospectively, issuer certificates can be distributed automatically via the 
Secure Management Server (only to Enterprise Clients) or the user can save them 
himself as long as he has the relevant write permissions in the relevant 
directory.
Currently the formats *.pem and *.crt are supported for issuer certificates. 
They can be viewed in the monitor under the main menu item "Connection / 
Certificates / Display CA certificates".
If the secure client receives the certificate of a remote station, then the NCP 
client will determine the issuer by searching the issuer certificate initially 
on smartcard or USB token or in the PKCS#12 file and finally in the installation 
directory under <CACERTS>. If the issuer certificate cannot be found then the 
connection will not be successful. If no issuer certificates are available, then 
no connection is allowed. 
If Soft Certificates are created with the PKI plug-in of the management server 
then the issuer certificate is saved in the PKCS#12 file.

Use of a Revocation List (CRL)

The secure client can have access to the corresponding CRL (certificate 
revocation list) for each issuer certificate. It is applied to the installation 
directory under <CRLS>. If a CRL is available, then the secure client checks 
incoming certificates against the CRL. The client downloads the corresponding 
CRL automatically if the incoming server user certificate includes the 
certificate extension CDP.
If black lists are used, then usually there is no notification if the client has 
no saved black list for incoming certificates. If a notification is required in 
such cases then the file NCPPKI.CONF needs to be edited. It is saved in the 
installation directory. The standard entry in the section [General] is:
Enablecrlinfo = 0
This means that no notifications are displayed if, on the client at the remote 
station, no black list was found for the certificate. If a notification has to 
be displayed, then this setting has to be changed to:
Enablecrlinfo = 1

Installing the Client Software
--------------------------------------------------------------------------------

The actual version and later versions of the Client will be tested by the 
quality assurance only according to the operation systems Windows 2000, Windows 
XP and Windows Vista. Full functionality cannot be garanteed when using the 
client under Windows NT, Windows 98 or older Windows versions.

You can obtain the software as EXE file by downloading it from the website 
under:www.ncp-e.com. The following text describes the procedures for installing 
the client software under Windows 2000/XP/Vista. 

Please note that there are some differences when installing from a hard disk, CD 
or diskettes.

Installation and Licensing

First the NCP Secure Entry Client is installed as a test version. If you posess 
a license, you can enter the license data after a reboot of the software by 
selecting the monitor menu option "License Info and Activation". The test 
version is valid for 30 days. Without software activation or licensing it will 
no longer be possible to setup a connection after this 30-day period expires. 
When 10-days validity remain, a message box will be displayed to remind you that 
the software has not yet been licensed. For licensing the software please refer 
to the chapter "Licensing" in the handbook.

Installing from CD

After inserting the CD in the drive of your PC, the welcome window appears on 
the monitor. Click on "Install Products" and then select the client software 
version to be installed. All further installation procedures are identical with 
the installation procedures for installing from removeable disk, from the window 
"Choose Setup Language".

Default Installation
...............................................................................

Installing the client software first you copy the ZIP file you have got with a 
download or with the CD onto the hard disk of your PC. The filename of the ZIP 
file displays the number of the verion and build number of the software, e. g.:
NCP_EntryCl_Win32_9_10_048.ZIP
Copy the directory <Disk1> out of the ZIP file onto the harddisk. To install the 
client software select in the windows main menu: Start / Settings / Control 
Panel. Select "Add/Remove Programs" in the control panel and then click on the 
"Install" button. Click on "Next" when the window appears which requests the 
installation CD. When the following window appears click on "Browse" to select 
the SETUP.EXE file and click on "Finish".

"Choose Setup Language". A window appears where you can select the language to 
be used for the installation and then click "OK". The "Install Shield Assistant" 
is now started. It will guide you through the installation. 

Read the terms of the Welcome window carefully and click on "Next".

Note the following message und deactivate any VPN Client and Personal Firwall of 
another manufacturer to avoid data loss.

The next window displayes the software licensed agreement. In order to proceed 
with the installation of the licensed version click on "Yes". Clicking "No" will 
stop the installation process.

Default directory for installation is: Programs\ncp\SecureClient (Under Windows 
Vista it could also be:Program Files\Funkwerk Secure IPSec Client)

Undependently of "Typical" or "Custom" installation you can select any folder 
for the software installation by clicking on "Browse". This is particularly 
important if the user should have no rights on the system root directory.

If you select "Standard Installation"in this window the installation will 
continue automatically and the setup is finished.

Selecting the "Custom" Installation you can define settings according to your 
requirements.

In the following window of the "Custom" Installation you define the 
programmfolder for the client software. (Default setting: "NCP Secure Client"). 
In the next window you can define whether the Program Icon should be displayed 
on the desktop or not. Please contact your system administrator or your internet 
service provider for additional information about your communication gateway. 
Communication with DHCP (Dynamic Host Control Protocol) means that a temporary 
IP Address will be assigned automatically for each communication session. If 
required, click on "Obtain an IP Address from DHCP Server". If you "Specify an 
IP Address", enter the IP address in this window. Default Gateway: If a network 
adapter with a Default Gateway is already installed, you will have to delete 
this Default Gateway Address. It is not possible to have more than one network 
adapter with a Default Gateway. DNS Address: You should only enter a DNS Address 
if you have been assigned one from your system administrator or ISP.

Thereafter you can define whether a logon to a remote domain should occur after 
establishing a connection to the remote destination's NAS, which may necessitate 
entering the PIN for your certificate and/or your Password (if not already 
stored in the Client Software). After establishing a connection to the remote 
destination's NAS, you can logon to the remote domain. This logon will be 
encrypted.

Please note: Activate this option before the Windows logon, thus the NCP Gina 
will also be automatically installed. The logon options can also be used only if 
the NCP Gina is installed after the Windows Gina - which is possible in this 
setup window. These logon options can be set via the Monitor menu of the Client 
under "Configuration".

If the logon option is not activated here, and if it will be used at a later 
point in time, then the NCP Gina can be permanently installed after this setup 
using the command
rwscmd /ginainstall
See the description "Secure Client Services" in this regard, in the appendix of 
the manual.

The data will now be copied from the installation CD or removeable disk. The 
associated network components will now be installed. 

This completes the installation of the Client Software. Click the "Finish" 
button. Before using the Client Software it is necessary to reboot your PC. 
Click on "Yes, I want to restart my computer now" and then click on "Finish" to 
reboot your PC. 


Assistant for first Configuration
--------------------------------------------------------------------------------

Once you have installed the Client Software and rebooted your PC, the Client 
Monitor will be automatically displayed on your PC. The "Assistant for first 
Configuration" will also be displayed, provided that you have installed the 
Client Software for the first time on your PC and that no previous Phonebook 
exists from an earlier Client Software. It is located in the installation 
directory.

If you do not use the assistant for creating such test destinations, then no 
entries will be added to the phonebook. In this case you will have to create 
your own phonebook entries, as described in the chapter "Client Monitor" under 
"New Entry - Destination".

If you use the assistant, click on "Next". If selected then an IPSec test 
destination will be added to the client's phonebook and the assistant will guide 
you through the definition of generic parameters. The following access data are 
created automatically: VPN protocol is IPSec, the Tunnel Endpoint of the VPN 
gateway is: vpntest.ncp-e.com, XAUTH userID and Password is "ncpipsecnative". 
The IP address of the DNS server is 172.16.12.100. The link type is LAN. 

If a connection via an ISP should be established, the parameters for dial-up 
must be configured in the profil settings. Setting up the variant with strong 
security you can use a test certificate.

The PIN of the test certificate is "1234" and must be entered wenn establishing 
the connection. Once you have saved the test configuration, you can set up 
immediately a test connection (in LAN mode) by clicking the "Test" button.

For further configuration of a profil refer the description under "Client 
Monitor, Profil settings" and "Configuration Parameters, IPSec settings".


Tests with the Entry Client
--------------------------------------------------------------------------------

After the test connection and the tunnel to the VPN gateway has been 
established you can execute the following tests.


Testing with Ping

Enter the following command at the DOS prompt:
C:\>ping 172.16.12.100 (<ENTER>)

Upon successful pinging your reply will look something like this:

Reply from 172.16.12.100: bytes=32 time=109ms TTL=128
Reply from 172.16.12.100: bytes=32 time=96ms TTL=128
Reply from 172.16.12.100: bytes=32 time=82ms TTL=128
Reply from 172.16.12.100: bytes=32 time=69ms TTL=128

The monitor displays the amount of data sent (Tx) and received (Rx) Bytes.

Testing FTP Access 

Your access data :
IP Address       :  172.16.12.100
User             :  anonymus

Proceed by the entering the following command at the DOS prompt:
C:\>ftp 172.16.12.100
Connection with 172.16.12.100
220 (vsFTPd 2.0.4)
User (172.16.12.100:(none)): anonymus
230 Login successful
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
SecEntryCl_Linux_de.pdf
SecEntryCl_WinCe_de.pdf
SecEntryCl_WinCe_en.pdf
SecEntryCl_Win_de.pdf
SecEntryCl_Win_en.pdf
226 Directory send OK.
FTP: 64d Bytes received in 0,00 Secounds 407000,00KB/s
ftp> close
ftp> quit


Testing Web Browser functionality

You can also make a test connection to the Web via the existing VPN tunnel
link by entering 172.16.12.100 in your Web Browser (or alternatively
www.ncp.de. This should connect you to NCP's Web Site.



Activation
================================================================================

In the "Help" Monitor menu, under the menu option "License Data and Activation", 
the software version implemented, and possibly the licensed version with serial 
number, are shown.

The client software is always installed as a test version. If the client 
software has not yet been installed, or if there is a previously installed older 
version, then the software has not yet been activated. This also applies if 
anolder version has already been licensed - then this older version will be 
reset to the status of a test version, and the license data must be re-entered 
within 30 days using the activation dialog.
 
The time remaining until software activation, i.e. the validity period of the 
test version, is displayed in the message bar of the monitor next to the 
activation button.

In order to use a full version with no time limitations the software must be 
released in the activation dialog with the license key and the serial number 
that you have received. With activation you accept the license conditions that 
you can view in the activation dialog after clicking on the appropriate button.

The activation dialog can be opened using the activation button in the message 
bar of the monitor, as well as using the the monitor menu "Help / License Data 
and Activation". The license data can be entered either online or offline using 
a wizard.

In the offline variant, a file that is generated after entering the license key 
and serial number must be sent to the NCP authentication server, and the 
activation key that will be displayed on the website must be noted. This 
activation key can be entered in the licensing window of the Monitor menu at a 
later point in time.

In the online variant, an assistant forwards the licensing data to the web 
server immediately after entry and thus allowing the software to immediately be 
released.


Test Version Validity Period
-------------------------------------------------------------------------------

The test version is valid for 30 days. Without software activation or licensing 
it will no longer be possible to setup a connection after this 30-day period 
expires.

After installation, each time the software is started the validity period will 
be shown in the popup window. Moreover in a footer of the Monitor the system 
will display how long the test version can still be used, and when 10-days 
validity remain, a message box will be displayed to remind you that the software 
has not yet been licensed. This message box will appear once a day.

When the trial period has expired, then only those connections to destination 
systems can be setup with the Entry Client software that are used for software 
activation/licensing. Thus one of the profiles of the Entry Client can be used 
to set-up an Internet connection for licensing purposes. Or a connection to the 
NCP Secure Enterprise Management can be established in order to download a 
licensed version of the software.

Important:
You must have at least a version 9.0 to activate the Client software under 
Windows Vista. This is the prerequisite. If a no-charge update to version 9.0 is 
available to you, then you will receive the associated license key when the 
software is activated. Otherwise, updates to version 9.0 can be purchased in the 
NCP e-store or purchased from your NCP dealer.


Software Activation
-------------------------------------------------------------------------------

When the test phase has expired the software must be either activated or de-
installed. To activate, select the menu option "License data and activation" in 
the monitor menu "Help".

Here you can see which software version you have and how the software is 
licensed, i.e. you can see that the test version has expired and that the 
software has not yet been activated/licensed.

Click on the license conditions to display the license agreement text. By 
activating/ licensing the software you accept the license conditions. Click on 
the "Activation" button to license the software. 

In the window that appears, select wether you wish to activate the client online 
or offline by selecting "Online Activation" or "Offline Activation" 
respectively. 

In the offline variant, a file that is generated after entering the license key 
and serial number must be sent to the NCP activation server, and the activation 
key that is then displayed on the website must be noted. In the online variant, 
an assistant forwards the licensing data to the web server immediately after 
entry and thus the software is immediately released.

After selecting the type of activation the license data is to be entered in the 
appropriate fields. Click on "Next"!


Online Variant

With the online variant the license data will be transmitted to the NCP 
Activation Server via an Internet connection. This Internet connection can 
either be established via the Data Communications Dialer, via DSL, or via the 
Entry Client.

If the Internet connection is not set-up via the Entry Client, then the 
connection must first be established in order to then start the activation 
assistant via the Monitor menu option, "Help" / License data and activation".

If the Entry Client is used to set-up the connection on the Internet, then a 
suitable profile must first be established for the Entry Client. Ensure that 
port 80 is released (for HTTP) if the firewall is activated. (If a proxy server 
has been configured in the operating system, then these settings can be 
transferred.) After the profile has been selected, click on "Next" to continue.

The Internet connection via the Entry Client does not have to be set-up prior to 
activation. It is set-up automatically after the desired existing profile has 
been selected in the assistant for software activation, and after clicking on 
the "Next" button.

The software is activated automatically in the specified sequence. 

As soon as the activation server detects that you are entitled to a newer 
software license and that the license key agrees with the installed software, 
then with online activation the new license key will be transferred 
automatically (license update), and thus the new features of the software will 
be released. Please see the section "Updates" at the end of this section for 
more information.

After concluding the activation process, in the window for the license data you 
can see that you now have a correctly activated full version.

The number of the software version and of the licensed version can differ if the 
licensing is only valid for an older version, otherwise the licenses must be 
updated with a newer license key. To do this click on the "Licensing" button. 
For more information see the description at the end of the offline variant.


Offline Variant

The offline variant is executed in two steps. In the first step a file is 
generated after entering the license key and serial number, and  is sent to the 
NCP activation server. The URL is:
http://www.ncp-e.com/en/service-support/software-activation.html

An activation key will be shown on the web site, and you must note this number 
in order to enter the license key in the licensing window of the Monitor menu in 
a second step. (This can also be executed at a later point in time.)

The offline variant can be initiated via the monitor menu "Help / License Data 
and Activation", and select this variant in the first window of the activation 
assistant. Click on "Next". In the second window of the activation assistant the 
two steps of the offline activation process are explained. The first step, 
creation of the activation file is selected automatically. Click on "Next" to 
continue. In the following window enter the license data and click on "Next".

Enter name and path for the activation file. The default is the installation 
directory of the software and the name ActiData.txt (with serial number).

Now the activation file is created and this file must be transferred to the 
Activation Server. For this the NCP web site must be called:
http://www.ncp-e.com/en/service-support/software-activation.html

There are two ways to transfer the activation file to the Activation Server. 
Either copy the content of the activation file with Copy & Paste, after you have 
opened the activation file with the Notepad (ASCII editor), into the window that 
is open on the web site, or click on the "Browse" button and select the 
activation file. Click on "Send"!

Then the activation code will be generated and displayed on the web site. Note 
the activation code and continue the activation process under the menu option 
"Help" / License data and activation", by executing the second step of the 
activation in the offline variant.

If the Activation Server detects that you are entitled to a newer software 
license and that the license key agrees with the installed software, then with 
the online activation the new license key will be displayed automatically. If 
you want to activate the new features then note the new license key, conclude 
the activation process, and then use the new license key.

The second step of the offline variant is triggered via the monitor menu "Help" 
"License data and activation". After the offline variant has been selected, 
select the second step. An activation assistant window will open where you can 
enter the activation code. After you have entered the activation code you can 
click on "Next". 
Offline activation is completed with the following window.

After concluding the activation process, you will see that you now have a 
correctly activated full version, in the window for the license data.

The number of the software version and the number of the licensed version can 
differ if the licensing is only valid for an older version.

If you have received a new license key from the Activation Server during the 
offline activation process (see above in the display of the activation code), 
then enter this license key for a license update, by clicking on the "Licensing" 
button.

In next window of the assistant, enter the new license key and click on "Next". 
The license data will be verified and then transferred. Click on "Finished" when 
the verification has been concluded.

In the window with the license data you will see that the number of the software 
version and the number of the licensed version now agree.


Updates
-------------------------------------------------------------------------------

Under the menu option "Check for updates" in the Monitor menu under "Help" you 
can check whether a version of the software that is newer than the version you 
have installed is available at NCP. This is also possible if a test installation 
has been installed. If a newer version is available at NCP, then a software 
update is always possible.

The software update always costs money if the newer version is a major release, 
which is indicated by the change on the first decimal place. For example: If a 
version 8.26 is installed and the next software version has the number 8.3 then 
a software update from 8.26 to 8.3, as well as use of the new features, will 
cost money. The new license key was activated as described above under software 
activation. The new license key is generated by entering the serial number and 
the update key that can be purchased locally from the reseller, on the following 
web site:
http://www.ncp-e.com/en/service-support/update-key.html

The software update always available free of charge if the newer version is a 
service release, this is indicated by the change of the second decimal place. 
For example: If a version 8.26 is installed and the next software version has 
the number 8.27 then a software update from 8.26 to 8.27, as well as use of the 
new features, will be free of charge. The new features can be used without 
activation with a new license key, as soon as the new software has been 
installed. A service release contains bug fixes, an extension of hardware 
support and compatibility extensions.


Software Updates

After you have selected the menu option "Check for updates" you will see the 
adjacent window. In order to check for new updates you will need an Internet 
connection. If the Entry Client will be used to set-up the Internet connection, 
then ensure that port 80 (for HTTP) is released if the firewall is active.

If a proxy server will be configured in the operating system, then these 
settings can be transferred. If the proxy settings are correctly configured, 
then click on "OK". The Assistant will now search for newly available software 
updates via the Internet connection.

If a software update is available then it is displayed as shown in the next 
window. (In this case the version is differentiated only via the build number.) 
Click on "Next" if you want to use the more current version. This downloads the 
installation package for the newest software.

Click on "Finish" to end the Monitor and start the installation of the software 
update.

After starting the Install Shield Wizard select the installation language (as 
you would for the standard installation), and then answer the update query with 
"Yes". Then the installation will be executed automatically. It is concluded 
when you reboot the computer.


Updateing and Uninstalling
-------------------------------------------------------------------------------

If you are already using a previous version of the Software it will be detected 
when attempting to install the new Client Software. If this is the case, then 
you will be asked if you wish to update your current Client Software to the 
newer version now in your possession. During the update the current profile 
settings, certificate data and call control manager statistics will be applied 
to the new client.

In order to uninstall the Client Software go to: "Start / Settings /Control 
Panel". Now click on "Add/Remove Software" and then select the client from the 
list of programs and then click on the "Add/Remove" button. The Uninstall Shield 
Program will now delete the client software from your PC.

Important: After the removal of the software components, the profile and 
configuration settings are still saved and can be restored in the event a newer 
version of the client is installed. In order to completely delete everything; 
manually remove the installation directory.


Upgrade to the Secure Enterprise Client
-------------------------------------------------------------------------------

You upgrade from a Secure Entry Client to a Secure Enterprise Client by 
replacing the licensing and the software. This can be done manually on-site, or 
via an Update Server.

For a manual upgrade the software is reinstalled from the CD, and "NCP Secure 
Enterprise Client" is entered as the product to be installed. In this process 
the install program recognizes that a software version has previously been 
installed and executes an update after appropriate confirmation (see 2.5). Then 
the new activation key with serial number must be entered in the Pop-up menu.

For an upgrade via an Update Server - the IP address of the Update Server is 
entered in the client's telephone book (see -> DNS / WINS). In this case the 
Secure Client software will be downloaded automatically the next time the client 
dials into the corporate network. At the next dial-in with this new software a 
CNF file (profile settings) with licensing key will be downloaded. This oncludes 
the update process.

===============================================================================
NCP engineering GmbH, December 2008
