Mobile Slots: Technical stuff

The long-awaited MIDP 2.0 Java standard came with a few things that really started to make mobile Java useful. One was the full-fledged "socket" network connection, which enables phones to connect to servers the same way an ordinary computer does. Networked mobile Java applications existed prior to this, of course, but they typically simulated a persistent connection by making repeated HTTP requests. It was a clumsy, slow and rather costly solution, of interest to only a small group of techno-geeks.

That's not to say that MIDP 2.0 data transfer is particularly fast. Ping times (the delay between sending a simple message and getting a response) are typically a couple of seconds or longer on a standard mobile phone network. But that's good enough for most turn-based games -- and some solo games which are expected to have a noticeable response time, such as a slot machine, where the reels spin for a while before they stop. had featured a couple of moderately popular online slot machine games in its casino section. Building a mobile client application for it seemed like a good way to test the limitations of this technology. And since the communication might prove to be a bottleneck, I didn't let the phone connect directly to the game server, but to a machine that used a much slimmer and simpler communication protocol.

Besides hopefully being faster, this "proxy" also saves the user a bit of money, since mobile carriers typically charge per unit of transmitted data.

User authentication presented another problem. On the web, people use their nickname and password to log in, but this would be unnecessarily awkward on a phone. Typing it in would discourage people from playing. So it was decided that the mobile game would use a 5-digit PIN code instead. The digits are then combined with a session-specific 16-byte random sequence and a user-specific 16-byte string, using the HMAC keyed hashing algorithm. (By the way -- sending the wrong PIN code five times in a row disables your copy of the application, on the server side.)