11.3 Service Items: General
Note:

In Nintendo e-commerce documentation, the term license information refers to information describing how long or how many times the user has the rights to use a service item. This information includes, for example, the remaining active period or expiration date of subscription tickets, and the remaining number of uses of consumable tickets.

11.3.1 Server-Side Support

Servers must be prepared appropriately in order to provide services that use service items. Comply with the following requirements when using a server. Also see volume 6 Internet Communication.

■ Using the Service Locator Feature
Because you must use a server to implement subscriptions, for security reasons you must use either authentication tokens or service tokens. See sections 6.7.1 Authentication Tokens and 6.8.1 Service Tokens for specific details of items you are required to comply with when using authentication tokens or service tokens.

■ Encrypting Communication With the Server
When sending ticket information from the application to a server, use HTTPS or a similar protocol for improved security and to prevent packet eavesdropping, man-in-the-middle attacks, and server spoofing.

■ Displaying Application-Specific Errors
Nintendo manages all network-related error codes in order to prevent duplication. See section 6.3.1 Displaying Errors During Internet Communication for details.

11.3.1.1 Support for Encrypting Communication with Servers

Guideline Item

The application must securely send ticket information to servers.

Software to Be Tested

Applications that use service items.

Test Method

Check the source code.

Pass/Fail Determination

Passes if the application encrypts communication using HTTPS or other protocols.

11.3.2 Using Service Items

Titles that use service items must comply with the following.

■ Prohibition of Ratings Deviations due to Service Items

Service items must not carry a different ESRB rating or different content descriptor(s) than the core product. For example, it is prohibited to sell subscriptions to content that contains violent imagery for an application rated for all ages.

■ Support for the Setting of a Maximum Service Period for Subscription Tickets

You must configure a maximum service period for subscription tickets in IMAS for any subscription service that has an expiration element. Submit this maximum service period (in days) together with the subscription ticket price in IMAS. Configuring this setting is required for submission. Similarly, when you discontinue a subscription service, make sure that users can continue using that service until at least this maximum service period has expired, assuming that this maximum service period starts on the last day subscription tickets can be purchased.

 

11.3.2.1 Prohibition of Ratings Deviations due to Service Items

Guideline Item

Service items must not deviate from the rating of the application.

Software to Be Tested

Applications that support the sale of service items.

Test Method

Check the source code.

Pass/Fail Determination

Passes if the service item does not deviate from the rating of the application.

11.3.3 User Inquiry Support

You must implement a mechanism for uniquely identifying user license information saved within servers, for when there is a user inquiry. This is so that licensees can provide appropriate support when there is a problem, such as license information that the user is supposed to have purchased not being properly reflected.

Mechanisms for uniquely identifying license information include the following.

  • Provide a support number that can uniquely identify the user, and provide a screen (or mode) within the application where the user can confirm that number at any time.
  • Provide a posting form for issue reporting that the user can post at any time, and include data that can uniquely identify the user in the posting data.

However, if you display support numbers within the application, it is prohibited to use numbers such as the following without any modification.

  • Information disclosed to third parties, such as Nintendo Network IDs.
    This is to prevent widespread spoofing by people other than the users themselves.
  • Account IDs or principal IDs obtained by calling the nn::ec::CTR::GetAccountId function, or by calling the ECSV library's EC_VerifyExtendedTicket function and using the value in the accountId member of the ECExtendedTicketInfo structure returned by this function.
  • Principal IDs from Nintendo Network IDs obtained by decoding service tokens.
    This is to prevent fraudulent receipt of services by using the support number displayed in one title to make a support inquiry regarding another title.

You could, for instance, store a table on the server that correlates the above IDs with separate support numbers.

11.3.3.1 Implementation of User Identification Mechanisms

Guideline Item

You must implement some mechanism that uniquely identifies users, for user-support purposes.

Software to Be Tested

Applications that support the sale of service items.

Test Method

Check the source code.

Pass/Fail Determination

Passes if a mechanism to uniquely identify users is implemented.

11.3.3.2 Prohibition of Support Numbers That Can Be Guessed

Guideline Item

You must not use unchanged account IDs, unchanged principal IDs, or any unchanged information disclosed to third parties as support numbers.

Software to Be Tested

Applications that support the sale of service items.

Test Method

Check the source code.

Pass/Fail Determination

Passes if the following numbers are not used unchanged as support numbers:

  • Information disclosed to third parties
  • Account IDs
  • Principal IDs

11.3.4 Compliance with the Act on the Settlement of Funds

If the application provides consumable tickets for sale in Japan, it is the responsibility of the publisher to comply with the Act on the Settlement of Funds.

If consumable tickets for sale meet all of the following conditions, they may be considered equivalent to "prepayment" and therefore be subject to the Act on the Settlement of Funds.

・sold in Japan

・purchasable (not free)

・expire more than 6 months after the date of issue

Note that even if the consumable tickets are not referred to as currency, they may still be considered equivalent to "prepayment" depending on how they are used.

For markets other than Japan, you must comply with local laws and regulations.

No required guideline items.

 


CONFIDENTIAL