I am thinking of a "pay-per-view" j2me app, where users have to pay each time they request/fetch some "valuable" data.
Is there a "best practices" or any standard way of doing this..
I don't have problems with integration with the back-end payment system (being operator, or any payement service provider), but was thinking more about my midlet-servlet communication..
How about security issues, assuming that the user pays a monthly fee, then how do you authenticate the user, assumming you don't have access to the operator's network, and ur servlet simply receives a request from the wap gateway IP adress, and have no way of knowing the number (anyway, gsm security really sucks, and you should not rely on it.. but maybe securing your assets should not be more expansive then their actual value)..
I was thinking about saving a big random number on the phone (rms) that the user gets the first time he logs in.. any other ideas? how about embeddind that number in the midlet and generate a jar dynamically for each number, before sending the user application link?
Any help will be very much appriciated.. Thanking in advance!
But really, the easiest way is just to cut a deal with carrier and have them bill it for you. It saves a ton of trouble at your end. But carriers are hard to work with especially if you are a small shop ...
Well I though about putting a key in the jad, but this would be quite dangerous.. especially if they could some how read it and I think some mobile phones allow u to download / or even save your apps on a pc, so maybe one can change it according to his friends license, and if it he has unlimited access. Well in that case, he could also just get the jar as well, so maybe one should make an extra number that one saves using rms, and this number is only given once, from the server, once it identified the license of the user.
Anyway, do you guys have a clue about how to make sure none can download your application via the internet? I don�t want ppl to decompile my app! None of you guys needs to distribute his own app?
Please comment, give any ideas you might have
Originally posted by Tonny Tssagovic:
Well I though about putting a key in the jad, but this would be quite dangerous.. especially if they could some how read it and I think some mobile phones allow u to download / or even save your apps on a pc, so maybe one can change it according to his friends license, and if it he has unlimited access.
Well, that is the problem for *all* shrink wrapped software that require license keys. But in your case, you control the server. You can always require each user to "activate" their key before they use and each key can be activated only once ...