Hacker News new | comments | show | ask | jobs | submit login

If I understand your solution, what's keeping Person A from restoring from an earlier backup where the access was still valid? Or even sharing the backup with all the games available?

The tokens would be signed with an expiration, so if they backed up to a time when they had a valid "access" token, the verification would fail (assuming the device has an internal chronometer that the user can't modify). If they were to lend the game to a friend, then back up to a time before they lent the game, there could be a problem.

So it'd be up to the backup software with access to the sensitive storage being smart enough not to cause that problem. Alternatively, backups and restores could require an internet connection.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact