Overview

The Intel AppUp® center includes an authorization mechanism to ensure that an application has been legally purchased or obtained. This is a dynamic runtime process that allows an application, at startup time, to determine if the user as well as the current device is authorized to run the application. There is also an initialization step that needs to be completed prior to authorization that sets up communication between the application and the Intel® components.

Client Agent and Backend Framework

In order to accomplish the authorization and other framework functionality, an Intel headless client agent exists locally on the device the user is running. When the application attempts to initialize the Intel components and authorize the user, the client agent steps in and either services the request itself or shuttles requests and responses between the Intel backend infrastructure and the application. The backend infrastructure is the piece that actually authorizes or denies the application to run. This is essentially accomplished by tracking an ApplicationID and a UserID, identifying the requesting device and then determining if they all match up. The ApplicationID is a unique ID issued by Intel for a specific application. This ID is generated during the application submission process. The UserID and machine identification are handled internally by the Intel Developer Zone infrastructure and are not exposed to the application. Incidentally, for debugging purposes there is a tool available in the Intel AppUp® SDK, Application Debug and Test Service (ADTS), that emulates the client agent and simply returns success for the initialization and other SDK method calls.

Initialization

The first step that needs to be completed before attempting authorization, or using any other Intel AppUp SDK functionality, is to initialize the Intel client agent. This is accomplished in different ways depending on your language of choice. For example, in C a simple method call is made, while in C++/.NET* SDK, initialization is performed in the constructor. Upon successful return, simply continue application execution. There are however several error states that can exist, including absence of the Intel client agent. It is important to capture a failed initialization attempt, notify the user and then either retry or terminate application execution. In fact if you ignore a failed initialization, unintentionally or otherwise, you will not pass the Intel Validation Process. Refer to the appropriate SDK Language Reference for further details.

Authorization

Next is to complete the authorization process. As mentioned above, this is accomplished by the application calling into the Intel client agent, which in turn contacts the Intel backend infrastructure for actual authorization. Authorization needs to be accomplished each time the application is run. After successful authorization, there is no need retry or recheck authorization during the same run as once is considered sufficient. The details of how this is accomplished are language specific. For a C application a method call, ADP_IsAuthorized, is made. In C++/.NET* SDK, authorization happens automatically in the construction of your Application object. You then call GetAuthorizationStatus to obtain the result. Refer to the SDK Language Reference for further details of both cases. Upon completion of the authorization process there are several possible states: the application is authorized to run, the application is not authorized to run or one of several error states. If the application is authorized to run then execution can continue, whether calling other Intel AppUp center methods or normal program flow. There is no need to notify the user in this case. If the application is not authorized to run then the user should be notified and execution of the application be terminated. If any of the various error states are encountered you should notify the user and possibly attempt to resolve the state and retry. If the error state cannot be resolve, the application execution must terminate. It is important to capture a not-authorized or error state and act appropriately. In fact if you attempt to continue execution of the application without resolving either of those states the application will not pass the Intel Validation Process.

Special Cases

Components

A special case of authorization is that of components. Components, in the context of the Intel AppUp center, are libraries of useful code but don’t in and of themselves comprise an application. They are distributed through the Intel Developer Zone portal to other developers who include them in their own applications. Since components are a independent entity that can be purchased, they also must go through the authorization process. You can think of the authorization difference between application and components in this way: doing authorization for an application is asking if the user and device are authorized to run the application, authorization for a component is asking whether the application is authorized to use the component. Other than this difference in perspective, the authorization process for components is conceptually the same as for application. There are differences in the method names and returns that are detailed in the SDK Language Reference.

Open Source Applications

Another case requiring special consideration is the open source project. In most cases there is simply no authorization required. This makes sense considering that fact that the ApplicationID, upon which security is based, would be exposed to the world and therefore be completely ineffective. However, one case to make note of is that of an open source application making use of a proprietary component. Currently this case is not supported due to issues surrounding authorization. In general, open source projects are not required to integrate the Intel AppUp SDK to pass validation and use of the SDK is optional based on the objectives of the individual project.

Conclusion

Intel AppUp® center initialization and authorization are important housekeeping functionality that is easily accomplished. Correctly understanding and implementing the architectural concepts detailed above will not only enable your application to pass the Intel Validation Process, but will also protect the license and usage agreements between the user, your company and Intel. For further information and details please refer to the Intel® Developer Zone website at http://software.intel.com/en-us/ and the Intel AppUp® center website at http://www.appup.com/applications/index.