The basic idea is to have two DM functions:
* Function #1: given a client and a seed, return a unique value. This value would basically be an internal md5() of the corresponding ckey and the seed, salted with some arbitrary values and thus obfuscated (let's call that internal_hash(ckey,seed)). It would only be useable with active clients, even though it is based of the ckey.
* Function #2: given a ckey, a seed, and a value, run internal_hash(ckey,seed) and return 0/1 if it matches/doesn't match value.
To use this, the outside server could send a (random) seed to the BYOND program, which could then perform function #1 on a live client and send the result back to the server. The server could run function #2 to see if the results match; if they do, it could send whatever data the game originally requested (in Gaku's case, a list of forum notifications for the requesting client/ckey). A malicious game could spoof this info, but only for clients currently logged in (and if the seed changes when they aren't, spoofing would fail).