Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Java Development

Reply
New Developer
Posts: 8
Registered: ‎02-24-2009
My Device: Not Specified
Accepted Solution

noobie question: authentication using PIN?

Hello folks,


Just got my first Blackberry a few months ago and am contemplating create an app that I might want to sell in the as-of-yet non-existent app-store. I have a few basic questions about this process however.

The app I have in mind is a front-end app to run on a blackberry, and accesses services made available on some web server I'd have to set up. Now, if I'd like to ensure that only people who purchased the app can access the services made available on the web server, how would I go about doing that?

I was imagining that I would accomplish this by using the unique ID (PIN) of the device, using

DeviceInfo.getDeviceID()

passing it into the server and validating that the device is one from which the app was actually purchased.

Question is, with the new app storefront, will I get PIN information per purchase? Or will I have to require each purchaser to register their pin on the server?

Or am going about this the completely wrong way? Should I not be using one's PIN?

Please advise, and thanks in advance for your help!

e

Developer
Posts: 432
Registered: ‎02-23-2009
My Device: Not Specified

Re: noobie question: authentication using PIN?

At the time of user login to your application or in purchasing process, you can retrieve his handheld PIN and use that PIN as indentifer for user on server whether he is having purchased version or not.

 


If your problem was get solved then please mark the thread as "Accepted solution" and kudos - your wish

 

Deepesh Gupta
New Developer
Posts: 8
Registered: ‎02-24-2009
My Device: Not Specified

Re: noobie question: authentication using PIN?

Deepesh,

 

Where have you read that the application storefront can provide me the PIN upon purchase?  I cannot find any sample code or documentation describing this workflow.  How does one receive notification of a purchase?  What information will be available in each notification?

 

Many thanks in advance!

 

e

Developer
Posts: 5,339
Registered: ‎09-20-2008
My Device: ***
My Carrier: ***

Re: noobie question: authentication using PIN?

Developer
Posts: 432
Registered: ‎02-23-2009
My Device: Not Specified

Re: noobie question: authentication using PIN?

Hi emang,

 

You can use DeviceInfo.getDeviceId() to retrieve PIN of a BB handheld.  Now when any user login to your application then you can run this(DeviceInfo.getDeviceId()) to get PIN and then pass this PIN to your server and now you can use this PIN as refrence to check.

 

PS: If you need to thank, give Kudos


If your problem was get solved then please mark the thread as "Accepted solution" and kudos - your wish

 

 

 

 

Deepesh Gupta
New Developer
Posts: 8
Registered: ‎02-24-2009
My Device: Not Specified

Re: noobie question: authentication using PIN?


tbilisoft wrote:
Try to ask your question there: http://supportforums.blackberry.com/rim/board/message?board.id=PM_Dev_Board&message.id=200

 

Thanks!  Just did.

Developer
Posts: 5,339
Registered: ‎09-20-2008
My Device: ***
My Carrier: ***

Re: noobie question: authentication using PIN?

You're welcome Smiley Happy
New Developer
Posts: 8
Registered: ‎02-24-2009
My Device: Not Specified

Re: noobie question: authentication using PIN?


Deepesh wrote:

Hi emang,

 

You can use DeviceInfo.getDeviceId() to retrieve PIN of a BB handheld.  Now when any user login to your application then you can run this(DeviceInfo.getDeviceId()) to get PIN and then pass this PIN to your server and now you can use this PIN as refrence to check.

 

PS: If you need to thank, give Kudos


If your problem was get solved then please mark the thread as "Accepted solution" and kudos - your wish

 

 

 

 


Deepesh,

 

Use the PIN as a reference to check against what exactly?

 

I understand that I can get the Device ID on the client side.  My question is this: on the server side, how can I validate that the Device ID sent in corresponds to the Device ID of someone who purchased my software?  As opposed to the ID of someone who got my app from someone else and also wants to use my app.

 

I basically need to know where I can learn more detail about the application storefront purchasing workflow.  Do you happen to have any insight on that?

 

Thanks!!

 

e

Developer
Posts: 432
Registered: ‎02-23-2009
My Device: Not Specified

Re: noobie question: authentication using PIN?

Hi emang,

 

If a user purchase your software then his device id is with you on your server which you get at first succesfull login after purchase and if that device id is not with you on your server then this means this user didn't purchase your software.

 

 


If your problem was get solved then please mark the thread as "Accepted solution" and kudos - your wish

 

 

 

Deepesh Gupta
New Developer
Posts: 8
Registered: ‎02-24-2009
My Device: Not Specified

Re: noobie question: authentication using PIN?


Deepesh wrote:

Hi emang,

 

If a user purchase your software then his device id is with you on your server which you get at first succesfull login after purchase and if that device id is not with you on your server then this means this user didn't purchase your software.

 

 


If your problem was get solved then please mark the thread as "Accepted solution" and kudos - your wish

 

 

 


Deepesh,

 

I must admit, I'm not sure I follow.  You seem to be suggesting the following:

 

1) User purchases software

2) User runs the software, which takes the device ID and relays it to my server

3) Store the device ID in a registry

4) Validate any other server requests against this registry of IDs

 

But what's to stop a user from buying the software, passing it around to all of his friends, then all of them logging in for the first time around the same time?  I would have no one from differenciating the valid app from the bootlegs, right?

 

Or am I misunderstanding what you're suggesting?

 

What I would ideally like is new device IDs being in the registry even prior to any first login, and I imagine this could only work if the app storefront sends notifications of purchases that includes the PIN of the app on which the purchase occurred.

 

Thanks,

 

e