Software and content piracy are significant problems. Each year, artists and software developers lose large sums of money to pirates who duplicate and/or distribute software and content without reimbursement to the owners. The advent of large-scale computing networks, such as the Internet, has exacerbated the problem, because content and software may be duplicated and distributed by pirates quickly and easily over large geographic areas.
Increasingly, content and software are being made available via wireless telephones. Wireless telephones are devices capable of transmitting and receiving voice and/or data (non-voice) information to and from a network without the use of wires, cables, or other tangible transmission media. So-called cellular telephones are a common example of wireless phones.
Wireless telephones and the networks by which they communicate operate according to various technologies, including analog mobile phone service (AMPS), circuit switching, packet switching, wireless local area network (WLAN) protocols such as IEEE 802.11 compliant networks, wireless wide-area networks (WWAN), short-range RF systems such as Bluetooth, code division multiple access (CDMA), time division multiple access (TDMA), frequency-division multiplexing (FDM), spread-spectrum, global system for mobile communications (GSM), high-speed circuit-switched data (HCSD), general packet radio system (GPRS), enhanced data GSM environment (EDGE), and universal mobile telecommunications service (UMTS). Of course, these are only examples, and other technologies may be employed in wireless communication as well.
Herein, the term ‘wireless device’ is meant to include wireless telephones (including cellular, mobile, and satellite telephones), and also to include a variety of other wireless devices, including wireless web-access telephones, automobile, laptop, and desktop computers that communicate wirelessly, and wireless personal digital assistants (PDAs). In general, the term ‘wireless device’ refers to any device with wireless communication capabilities. A wireless device may be a ‘client device’, which is any device that provides requests for services from a network. A ‘server device’ is a device of the network that receives and responds to client device requests. Of course, depending upon the circumstances, a client device may act as a server device, and vice versa.
Many companies produce wireless telephones and other wireless devices. Among the more well-known producers are Nokia®, Ericsson®, Motorola®, Panasonic®, Palm® Computer, and Handspring®. A variety of producers also provide wireless devices comprising versions of the Microsoft® Windows® operating software.
One method of content and software duplication involves “downloading”, whereby a client device (such as a personal computer, music player, wireless telephone, and so on) communicates with a server device to obtain a copy of content and/or software available via the server device. Various protocols are available for downloading, including Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP).
Client logic is software of the client device that makes requests to the server for content/software. To prevent unauthorized behavior and/or piracy, the server may authenticate the client logic before fulfilling the requests. Where the client and server communicate via HTTP, the server may refer to the “User Agent” HTTP header for an identification of the client logic. For example, the HTTP header may identify the client logic as “WAP Browser for Nokia Phones version 1.5”. The server may provide the requested content/software only to authorized client logic. Communication service providers (such as AT&T Wireless Services and other entities that provide wireless communications to subscribers) may enter into arrangements with content and software providers to provide content and/or software for subscribers of the service providers. Thus, content and software (such as ring tones and games for a wireless telephone) may be provided by the server to a “WAP Browser for Phones” but not to another browser application that is not authorized to receive this content and software.
A problem with this approach is that authorized client logic may be “spoofed” by unauthorized client logic. For example, HTTP client logic may set the User-Agent header to identify itself to an HTTP server as an authorized client logic for content and software, when in fact the application is not so authorized.