Solution Overview

Moway Solution is a complete protection and licensing framework built around the Moway USB dongle & SDK. It enables developers to:

  • Use Moway Device as a secure license container, Store licenses, cryptographic keys, and sensitive data securely in Moway's 32 bits smart chipset;
  • Implement flexible licensing models with Moway runtime API without building a license server;
  • Integrate the Moway runtime API and cryptographic API for signature verification and challenge/response authentication.
  • Protect (with Virbox Protector) the integrated applications from piracy, tampering, and reverse engineering;

Use USB device to implement a customize protection & Licensing scheme.

Essential knowledge before to design tailor made protection & License solution based on USB dongle

Implementation Options for Customized Protection & Licensing

Moway provides two options to developer to implement customize license scheme:

Option 1

Codeless Protection & Licensing (Toolchain)

  • Build and deploy a secure, instant protection and licensing scheme — designed especially for developers who lack extensive experience or resources in copyright protection and license management.
  • Use the Moway Toolchain together with Virbox Protector to configure PID, Download license files to Moway device, and protect applications without writing code.
Option 1 is ideal for developers who:
  • Do not have an existing licensing system;
  • Need fast deployment;
  • Have limited resources or protection & Licensing experience;
Using the Moway toolchain, developers can:
  • Initialize Moway USB dongles
  • Generate PID to Moway Device;
  • Create and update license packages;
  • Manage files stored inside the dongle;
This approach allows you to build a complete protection and licensing workflow without writing code.
Option 2

Customized Protection & Licensing Scheme (Integration with Moway License API)

  • Design and implement a secure, customized protection and licensing scheme — tailored for developers with extensive experience and resources in copyright protection and license management.
  • Key capabilities include:
    • Hardware fingerprint binding: Bind licenses to a specific Moway device or to the target machine’s hardware fingerprint.
    • Flexible license terms: License individual software functionalities, enable upgrades, and define customizable policies.
    • Signature verification: Use cryptographic algorithms for authenticity and integrity checks.
    • Challenge/response authentication: Strengthen license validation with secure cryptographic workflows.
  • Use the Moway License API, cryptographic API, and Virbox Protector to integrate licensing logic directly into your application and harden it against tampering or bypass.
Option 2 is ideal for developers who:
  • Already have a licensing system;
  • Require advanced security & store license in secured hardware based license container;
  • Need full control over licensing logic;
Using the Moway API, developers can implement:
  • Hardware binding
    • Bind license to a specific Moway dongle
    • Bind license to a specific machine (hardware fingerprint)
  • Cryptographic signing & verification
    • Use RSA/ECC keys stored inside the dongle
    • Verify software integrity and authenticity
  • Challenge/response authentication
    • Prevent replay attacks
    • Validate genuine users
  • Flexible licensing terms
    • Feature‑based licensing
    • License upgrade
    • Time‑based or usage‑based licensing

High‑Level Workflow

Step Description Path Options
1. Select Implementation Option Choose between codeless option (PID‑based protection) with toolchain or API integration option with API integration Option 1: Toolchain /
Option 2: API Integration
2. Initialize Moway Device Use seeds to generate PID for each Moway device, change password, and perform initial setup Applies to both options; with toolchain: DevTestTool
3. Define Licensing Policy Configure/Define license terms, enable upgrades, or set feature‑based licensing Option 2 only: API Integration
4. Integrate Moway runtime API / cryptographic API Implement license policies and security mechanisms such as hardware binding, signature verification, and challenge/response authentication Option 2 only: API Integration / Toolchain required (download license file or cipher key); primarily via API integration
5. App Shielding with Virbox Protector Apply code hardening and protect applications against tampering or bypassing license logic Required for both options

Typical Application Scenarios

Moway supports both instant deployment and advanced integration paths, allowing software vendors to choose a licensing model that matches their current infrastructure, security requirements, and product strategy.

1. Instant Licensing with PID (No License Server Required)

For developers without a license management system and with only simple license terms required, Moway provides a fast and secure way to protect applications using PID-based licensing.

Implementation Process
  • Use the Moway PID to build an instant and secure protection scheme.
  • Set PID and initialize the device with minimal setup effort.
  • Use Virbox Protector with the same PID to protect applications quickly and safely, without the need for a license server.
Benefits
  • Minimal development effort
  • Quick deployment
  • Secure hardware storage
Applicable For
  • Developers who have not established a license management system.
  • Teams lacking resources, time investment, or prior experience in software protection.
  • Projects requiring a simple secure licensing system with minimal investment.
Instant Licensing with PID

2. Moway as a Secure & Portable License Container

For developers already using third-party licensing systems such as Flexera or Reprise, Moway can serve as a secure hardware container to strengthen license security.

Implementation Process
  • Store license files directly inside the Moway dongle.
  • Prevent unauthorized copying, cracking, or tampering of license data.
  • Enable portable licensing across different machines by carrying the dongle.
Applicable For
  • Developers who rely on external licensing systems but need stronger hardware-level protection.
  • Teams requiring portable licensing that can move securely between environments.
  • Projects where license files must be safeguarded against external access or duplication.
Benefits
  • Hardware-based protection against tampering and theft
  • Portable licensing across multiple machines
  • Enhanced security without redesigning current workflows
Moway as a Secure & Portable License Container

3. Genuine Software Verification via Digital Signature

Moway supports asymmetric cryptographic algorithms (RSA/ECC) to ensure that only genuine, unmodified software can run on authorized devices.

Implementation Process
  • Sign software binaries or critical data using RSA/ECC private keys.
  • Verify signatures securely inside the Moway dongle.
  • Detect tampering or unauthorized modifications before execution.
Applicable For
  • Developers who need to guarantee authenticity of distributed software.
  • Enterprises requiring strong protection against counterfeit or altered applications.
  • Industrial or embedded systems where integrity verification is mission-critical.
Benefits
  • Strong assurance of software authenticity
  • Protection against tampering and unauthorized modification
  • Hardware-based signature verification for enhanced security
  • Seamless integration with existing cryptographic workflows
Genuine Software Verification via Digital Signature

4. Challenge/Response Authentication

Moway supports symmetric cryptographic algorithms such as HMAC-SHA1, HMAC-SHA256, and AES to enforce secure challenge/response workflows, ensuring only legitimate users and applications can validate license ownership.

Implementation Process
  • Generate a cryptographic challenge from the application.
  • Verify the response securely inside the Moway dongle using HMAC algorithms.
  • Prevent replay attacks and unauthorized reuse of license credentials.
Applicable For
  • Offline environments where server-based authentication is not feasible.
  • High-security applications requiring strong local validation of license ownership.
  • Developers seeking lightweight but robust authentication mechanisms.
Benefits
  • Strong user and license authentication
  • Protection against replay attacks
  • Hardware-based validation inside Moway dongle
  • Ideal for offline or high-security deployment scenarios
Challenge/Response Authentication

Core Security Mechanisms

  • CC EAL4+ Smart Chipset with Secure Storage: Moway integrates a Common Criteria EAL4+ certified smart chipset, available in 8KB and 32KB capacities. It securely stores license files, cryptographic keys, and critical data, preventing unauthorized reading, copying, or execution outside the device.
  • RTC (Real-Time Clock) Enforcement: Moway devices with RTC ensure accurate enforcement of time-based licenses. The secure hardware clock prevents tampering, manipulation, or time theft, guaranteeing that licenses expire exactly as defined.
  • Hardware fingerprint binding: Bind Moway device with the target machine's hardware fingerprint, ensuring licenses cannot be transferred or reused on unauthorized hardware.
  • Flexible license terms: Define granular licensing policies such as feature-based licensing, license upgrade, and customizable usage rules to support diverse business models.
  • Signature verification: Use cryptographic algorithms to verify authenticity and integrity of license data, preventing tampering or forgery.
  • Challenge/response authentication: Strengthen license validation with secure cryptographic workflows, ensuring only legitimate applications can access licensed features.
  • App shielding by Virbox Protector: App shielding and code hardening defend against reverse engineering, debugging, and bypass attempts, providing robust protection for both licensing logic and application code.

FAQ

Q1: Do I need a license server to use Moway?

No. Moway supports offline licensing using the USB dongle.

Q2: Can I integrate Moway with my existing licensing system?

Yes. Moway can act as a secure hardware container for third-party license files.

Q3: Does Moway support feature-based licensing?

Yes. You can enable or disable features based on your license terms defined by calling the Moway Runtime API.

Q4: Can Moway prevent reverse engineering?

Yes. Combined with Virbox Protector, Moway provides multi-layer protection against static analysis and dynamic attacks at runtime.

Q5: What is the storage capacity of Moway dongle?

Moway offers secure storage options of 8KB or 32KB, certified at CC EAL4+ level.

Q6: Does Moway support time-based licensing?

Yes. The built-in RTC (Real-Time Clock) ensures accurate enforcement of time-based licenses and prevents tampering.

Explore Moway

Product Details

Specifications, features, SDK, APIs, toolchain, encryption capabilities.

Learn More

Solutions

Typical protection scenarios and licensing models using Moway.

Learn More

Trial & Buy

  • Codeless evaluation using PID + Protector
  • API integration samples (4 sample projects)
  • Moway pricing table
Learn More

Best Practice

Essential knowledge for software protection & licensing:

  • Common attack methods
  • Protection strategies
  • How to design custom licensing schemes
Learn More