11-15-2008 03:26 PM
This may sound a bit vague but I am looking for a way to ensure that an http connection is originating from a physical blackberry device and would like to use the PIN/IMEI (or other unique identifier) for an application that otherwise doesnt need user authenticationor registration.
Are there any native certificates available on the blackberry device that can be used to guarentee that a connection is being made from a physical blackberry device and then can be used to sign the PIN/IMEI etc ?
I know the MDS/BES can insert an HTTP header with the device PIN that can be helpful to the extent that the BES/MDS can be trusted by the target application server - but there may be chained proxies along the way that make it somewhat less reliable. Also, several customers will be on the BIS/WAP etc
Alternatively, is there anything I can do in my native blackberry app running to the device to gaurentee that it is running on a true blackberry device ? I can then create a chain of trust with my application server.
11-28-2008 10:44 AM
The following link explains the headers sent from the BlackBerry Browser. You can use these to identify a BlackBerry Browser user, however there is no way to guarantee these values have not been spoofed by another application running on a non BlackBerry device.
How To - Retrieve information about the BlackBerry Browser
Article Number: DB-00435