There's no easy way of doing this. Your best bet is to trust your users and not waste time trying to deal with the ones that will steal from you. Statistics I've heard (I don't have the source) are:
80% of users are honest and will buy the things they want
15% of users are dishonest and will steal the things they want if they can, or ignore it if they can't
5% of users are dishonest and will steal the things they want if they can, or buy it if they can't
If you don't want to do this, then I think the only way to reliably do this is to set up a server:
Player makes purchase in your app -> Apple's servers process payment -> Your app gets receipt -> Your server gets the receipt and check's with Apple's servers that it's legitimate and stores in a database that the user has purchased the item.
Then, right after the purchase or whenever your app needs to know, it asks your server -> Your server queries it's database and does a private key encryption on its response -> Your app receives the response and uses a public key to decrypt the message and determine what the user has purchased.
Your server uses a private key and your app a public key to minimize the odds that an attacker can spoof the message... of course, a determined hacker could jailbreak their phone, modify your binary to replace your public key with their own, and set up their own server which generates responses using their own private key.
The odds of that particular attack seem quite slim given that it seems to me that anyone that could make such an attack has better things to do with their time and money than to hack your server so they can steal a few dollars worth of in-app purchases.
