User Agent/Referrer Verification
This is a snippet of code which verifies access to a given resource based upon a combination of access to a referring resource and a user-agent string. The client generates an sha256-hmac based on the contents of the referring resource (which the client must have access to) and its user-agent string. This HMAC is sent along with the request for a resource.
Thus, given a list of referring resources and valid user agents, the server can generate a list of valid keys by performing the same sha256-hmac process on each combination. If a client sends a request which does not appear in this list of keys, the request is denied.
I would be interested on an expert opinion as to whether this is considered an “effective” technological copyright-protection mechanism according to the Copyright, Designs and Patents Act 1988 (as amended by The Copyright and Related Rights Regulation 2003), and whether implementing a third-party client which implements this protocol (for the purposes of interoperability) constitutes “any device, product or component which is primarily designed, produced, or adapted for the purpose of enabling or facilitating the circumvention of effective technological measures” as specified by section 296ZB of the Act.
