I’m required to implement license management and I could not understand the difference between an online and an offline license verification. Could you please try to help me?
Speaking in general terms, with offline verification, all the details are stored locally, while with online verification, some or all the details are stored on the licence server. Choosing offline or online verification has these main implications.
Offline verification typically offers only indirect control over the licence. For example, revoking a licence is either not possible or requires adding the licence to a licence blacklist that is included in the next release of your app.
Online verification offers more immediate control. When a licence is revoked, the change becomes apparent as soon as the licence is checked, typically when the user next launches the application. The same is true for other changes to the licence, such as allowing more usages or extending the expiration date. With offline use, you would have to send the customer a new licence to effect these changes.
Offline activation is in principle the less secure of the two. With offline verification, all the secrets are stored locally. That is, the key and the lock are in the same place, and can eventually be compromised. With online verification, the “secrets” maintained by the licence server are separate, and inaccessible. An attacker cannot get to them, and so the system cannot be compromised in that way.
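
The revocation behaviour described in the answer above, as an added example that is not part of the original post: an offline verifier that ships its key and blacklist inside the app, next to a server-side check where revocation takes effect on the next query. The HMAC-based licence format, the class and function names, the demo key and the licence id are all constructed assumptions.

```python
import hashlib, hmac, json
from datetime import date

def sign(key: bytes, fields: dict) -> str:
    """HMAC-SHA256 over the canonical JSON form of the licence fields."""
    payload = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

class OfflineVerifier:
    """Offline: key and blacklist both ship inside the application."""
    def __init__(self, embedded_key: bytes, bundled_blacklist):
        self.key, self.blacklist = embedded_key, set(bundled_blacklist)

    def check(self, lic: dict, today: date) -> str:
        fields = {k: v for k, v in lic.items() if k != "sig"}
        if not hmac.compare_digest(sign(self.key, fields), lic.get("sig", "")):
            return "invalid"  # fields were altered or signed with another key
        if lic["id"] in self.blacklist:
            return "revoked"  # only known if this release bundles the entry
        return "ok" if date.fromisoformat(lic["expires"]) >= today else "expired"

class LicenceServer:
    """Online: licence state lives on the server; the client only asks.
    Assumption: the client reaches check() over an authenticated channel."""
    def __init__(self):
        self.records = {}
    def issue(self, lic_id: str, expires: str):
        self.records[lic_id] = {"expires": expires, "revoked": False}
    def revoke(self, lic_id: str):
        self.records[lic_id]["revoked"] = True
    def check(self, lic_id: str, today: date) -> str:
        rec = self.records.get(lic_id)
        if rec is None:
            return "invalid"
        if rec["revoked"]:
            return "revoked"
        return "ok" if date.fromisoformat(rec["expires"]) >= today else "expired"

def demo():
    today, key = date(2024, 6, 1), b"constructed-demo-key"  # constructed values
    fields = {"id": "LIC-001", "expires": "2024-12-31"}
    lic = dict(fields, sig=sign(key, fields))
    offline, server = OfflineVerifier(key, []), LicenceServer()
    server.issue("LIC-001", "2024-12-31")
    before = (offline.check(lic, today), server.check("LIC-001", today))
    server.revoke("LIC-001")  # vendor revokes the licence today
    after = (offline.check(lic, today), server.check("LIC-001", today))
    # The offline check changes only once a release bundles the blacklist entry.
    next_release = OfflineVerifier(key, ["LIC-001"]).check(lic, today)
    return before, after, next_release
```

`demo()` returns the verdicts before the revocation, immediately after it, and from a later release whose bundled blacklist contains the licence id.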