Hi,

If I am developing games or applications for different phones like Nokia, Siemens, Ericsson, how can I ensure that the users who download my MIDlet (after making proper payment), do not forward the JAR and JAD to others ?

Nokia and Ericson have something called DRM packager, which can do what I require. But the files generated are of the type .dm and JAR. As a result, only DRM enabled phones (which are only the new phones) can take advantage of this.

In addition, Siemens do not have any such DRM tool at all. (I think)

So how do all these developers ensure forward lock i.e. legitimate users cannot forward the JAR and JAD to other users or even if they can, it should not work on phones who have not made their payments.

Any advice ?

Regards,
Arnab

There's no universal answer to this question. You can only make it difficult, not impossible, for pirates.

Somebody could always use an emulator to masquerade as a phone and download your JAR. Once on a PC, they could hack away at any security you put in place.

Your best bet is to leverage some kind of partnership with a carrier. You need to make sure that your application is only being downloaded by a real handset. That means some type of challenge/response encryption system.

Alternatively, you can try embedded an on-line activation proceedure for your programs. When the MIDlet starts up it should send a serial number to your server that authorizes the program to run. If you get duplicate serial numbers, don't authorize the application. This is basically what Microsoft does now-a-days with their registration system.

It's still not bullet-proof by any means, but it's that much harder to crack.

You should also realize that most phones can not simply "forward" an application to another phone. In fact, I have yet to see any phone that can do that. Simply doing some basic checks to see if your program is being sent to a real phone is probably sufficient for most publishers.

William Frantz
http://sprintdevelopers.com
[ February 07, 2005: Message edited by: William Frantz ]

Hi William,

Isn't it easy to transfer the JAR and JAD using MMS or BT ? Specially for Siemens phones which have File System access ?

Regards,
Arnab

Isn't it easy to transfer the JAR and JAD using MMS or BT?

I haven't used a Siemens phone in a long time, but I have used lots of CDMA phones, a couple iDENs, and a few GSM handsets in my day. I have *never* seen a phone that will send or receive a JAR via MMS or Bluetooth.

Oh, I believe they are out there. I've heard of people installing JARs through serial data connections, but in the USA, I believe it is the exception not the rule. I guess you need to consider your target market. On Sprint PCS, it's just not possible. Can't do it on Nextel either. Verizon uses Brew rather than J2ME. Maybe there's some phones on Cingular that can do it. I don't know.

William Frantz
http://sprintdevelopers.com