???
03/04/08 18:02
Modified:
  03/04/08 18:08

#151890 - if you want to make it really painful ...
Responding to: ???'s previous message
You can serial-number your product, internally, of course, and then encrypt the downloadable code patches with the user's serial number, conveniently hidden away within code space, then include a small decryption routine that allows the encrypted "patch" to be downloaded, a sector at a time, decrypted, then programmed. You can even obfuscate the serial number by distributing it within a predefined block of code space, with an offset that is, say, the checksum of the serial number. The patch, which knows the serial number, can easily find it, while an attacker will be scratching his head for some time.

The key to making this work is to use the serial number without making any specific mention of it to the end-user. When he downloads a patch, he has to tell you who he is, and you then encrypt his version of the patch with the serial number that you've assigned him. If someone else tries to use that patch, he can try, but will fail because it yields rubbish.

I don't know how much this will secure your product against the truly determined attacker, but, since the serial number in each product will be different with each unit, yet transparent to the "honest" user, it will not be "dirt-simple" for someone to abuse your encrypted patches. Since you'll have IAP code within your product, you are free to do whatever you like within it.

RE
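
The scheme described in the post above, as an added example that is not part of the original post or any vendor's code: a serial hidden in a code-space block at an offset derived from its checksum, and a patch sector encrypted per unit. Assumptions made here: XTEA in counter mode as the cipher, a 16-byte serial used directly as the key, a byte-sum checksum, the sector and block sizes, and all function names.

```c
#include <stdint.h>
#include <string.h>
#define SECTOR 64   /* assumed sector size for the demo */
#define BLOCK  256  /* assumed size of the code-space block hiding the serial */
#define SERLEN 16   /* assumed serial length; used directly as a 128-bit key */
/* Offset of the serial inside the block: byte-sum checksum, as the post suggests. */
static unsigned serial_offset(const uint8_t *ser) {
    unsigned sum = 0;
    for (int i = 0; i < SERLEN; i++) sum += ser[i];
    return sum % (BLOCK - SERLEN);
}

/* XTEA block encryption, 32 rounds; stand-in cipher chosen for this example. */
static void xtea_enc(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0, delta = 0x9E3779B9;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += delta;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* Counter-mode keystream XOR over one sector; the same call encrypts and decrypts. */
static void crypt_sector(uint8_t *buf, uint32_t sector_no, const uint8_t *ser) {
    uint32_t k[4], ctr[2];
    uint8_t ks[8];
    memcpy(k, ser, sizeof k);
    for (unsigned i = 0; i < SECTOR; i++) {
        if (i % 8 == 0) {                 /* new 8-byte keystream block */
            ctr[0] = sector_no; ctr[1] = i / 8;
            xtea_enc(ctr, k);
            memcpy(ks, ctr, 8);
        }
        buf[i] ^= ks[i % 8];
    }
}

/* Vendor encrypts for enc_ser; a unit holding dev_ser decrypts. Returns 1 on match. */
int patch_roundtrip(const uint8_t *enc_ser, const uint8_t *dev_ser) {
    uint8_t block[BLOCK], plain[SECTOR], work[SECTOR];
    for (unsigned i = 0; i < BLOCK; i++) block[i] = (uint8_t)(i * 37 + 11); /* filler */
    unsigned off = serial_offset(dev_ser);  /* offset fixed at factory programming */
    memcpy(block + off, dev_ser, SERLEN);
    for (unsigned i = 0; i < SECTOR; i++) plain[i] = work[i] = (uint8_t)i; /* constructed patch */
    crypt_sector(work, 0, enc_ser);         /* vendor side */
    crypt_sector(work, 0, block + off);     /* device side, serial read from the block */
    return memcmp(work, plain, SECTOR) == 0;
}
```

The counter here is only the sector number, so two patch releases for the same unit would share a keystream; a per-release nonce is needed to avoid that. Nothing in this sketch detects a wrong serial before programming, so the "rubbish" result should be caught with an integrity check over each decrypted sector.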

