We are having an iOS web app for the iPhone 6s. This app needs user authentication in the context of licensing. The user should be able to authenticate himself and must not be able to give his own license to someone else.
Here are the ideas I was thinking of yet:
1: IMEI
If I could retrieve the IMEI using PHP or JavaScript, it would be a great start. But this is not possible, unless it's a native app. And that's just not an option here.
2: Authentication token
Passing a secret authentication token through the URL, like a serial key could work. But the user could easily give it to someone else. And checking IP addresses to detect unlicensed use is not easy, because IP addresses of mobile devices change and make it hard to distinguish one user having different IP addresses from multiple users.
I'm trying hard to think outside the box. But is there any way to authenticate the user of this iPhone web app securely?
We don't want security through obscurity solutions here; It may be not possible to make it definitely impossible to bypass. But it should be as secure as possible.
Aucun commentaire:
Enregistrer un commentaire