I have a server application which provides functions to a client program. The client is also programmed by me. Now I want to authenticate the client program itself (not any user) before using my service. I want to achieve that my service can only be used by executing my client software. The problem is, that both server and client aren't necessarily connected to the internet. Therefore, any authentication via a third entity cannot be used.
In my opinion, some secret has to be compiled into the executable of the client program and something like a challenge-response-procedure has to be performed.
What do you think about this thought or do you any have other ideas?
I've already thought about a client certificate but the certificate itself has to be compiled into the executable, too.
Thanks in advance.