Challenge Mechanism
The challenge mechanism in the APIs is used by client applications to authenticate the license (and thereby the path from the application to the license). It is not an explicit goal to make the challenge system tamperproof. However, it is a goal to be able to prove intent to subvert the system beyond a reasonable doubt. That is, subverting the license mechanism will require an overt act of programming. The intent here is to provide enough security so that a definite intent is needed to compromise it.
The encryption steps are simple and one-way. Even knowing the entire challenge algorithm (as documented in the appendix) does not compromise the level of security offered. The License Service API is only as secure as the steps taken by the software publisher to prevent patching. Even having a more complex challenge/response algorithm for the challenge response does NOT raise the level of security offered. Remember, the goal is to provide a sufficient level of protection such that the effort to defeat is obvious and intentional. Such an overt effort can serve as evidence in copyright violation prosecutions by organizations such as the Software Publishers Association.