CITADEL - Secure Licensing with 5×5 Keys & ECDSA

Project CITADEL by AIC delivers high-assurance, cryptographically verifiable software licensing with Base24-encoded 5×5 keys, ECDSA signatures, offline validation, and device locking — establishing a new standard for secure digital activation.

Category

Commercial

Client

Internal / Multiple Products

Services

Crypto Design, Client/Server Validation

Location

UK

Year

2025

TRL

6

Overview

Project CITADEL is AIC’s high-assurance software licensing and activation framework, designed to protect mission-critical applications through cryptographically verifiable 5×5 product keys, ECDSA signatures, and device-locked validation.
Developed to military and enterprise-grade standards, CITADEL ensures that every activation is authentic, auditable, and uniquely bound to the authorised user or system — even in air-gapped or disconnected environments.

Built on AIC’s secure architecture, the platform provides a unified trust model for digital licensing across on-premise, clean-cloud, and tactical deployments, combining asymmetric cryptography, offline verification, and key versioning to create a system that is as resilient as it is adaptable.

Core Principles

  • Authenticity – Every license key carries a digitally signed payload verifiable against AIC’s public key infrastructure.

  • Integrity – Keys cannot be forged, replayed, or tampered with thanks to ECDSA-based cryptographic proof.

  • Sovereignty – Operates without third-party dependency or online validation servers, suitable for classified and disconnected systems.

  • Auditability – Every issued key, signature, and device bind event is logged immutably for compliance and traceability.

  • Longevity – Backward-compatible key versioning enables future algorithm upgrades without invalidating existing deployments.

Technical Architecture

| Component | Function | Key Technologies |
|---|---|---|
| Key Minting Authority (KMA) | Generates, signs, and issues Base24-encoded 5×5 product keys. | .NET 9, ECDSA P-256, HSM-backed signing |
| Validation Engine | Verifies license authenticity and device lock locally or remotely. | ECDSA Verify, SHA-256 hashing, offline validation module |
| Device Binding Module | Derives unique hardware fingerprints using CPU, TPM, and OS identifiers. | C#, Windows API, TPM 2.0 |
| License Registry | Stores immutable activation and revocation records. | MongoDB Atlas, Azure Blob Storage |
| Revocation Service | Issues signed invalidation lists and manages key roll-over events. | Azure Functions, Event Grid |
| SDK & API Layer | Developer integration for validation, telemetry, and lifecycle operations. | NuGet Package, REST / GraphQL API |
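
The local check performed by the Validation Engine can be sketched as below. This is an added example, not AIC's code: the `License` container, the `bindingDigest` layout and the key and device strings are assumptions, and the signature is carried alongside the key because a 64-byte P-256 signature is larger than 25 Base24 symbols can hold.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// License is a hypothetical container: the 5x5 key plus a detached signature.
type License struct {
	Key       string // product key as typed by the user
	Signature []byte // ASN.1 DER ECDSA P-256 signature from the minting authority
}

// bindingDigest computes SHA-256(key || 0x00 || SHA-256(deviceID)) (assumed layout).
func bindingDigest(key, deviceID string) []byte {
	fp := sha256.Sum256([]byte(deviceID))
	h := sha256.New()
	h.Write(append([]byte(key), 0)) // 0x00 separator between key and fingerprint
	h.Write(fp[:])
	return h.Sum(nil)
}

// Mint signs a key for one device; in production the private key stays inside an HSM.
func Mint(priv *ecdsa.PrivateKey, key, deviceID string) (License, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, bindingDigest(key, deviceID))
	return License{Key: key, Signature: sig}, err
}

// Verify runs offline: it needs only the public key and the local device identifier.
func Verify(pub *ecdsa.PublicKey, lic License, deviceID string) bool {
	return ecdsa.VerifyASN1(pub, bindingDigest(lic.Key, deviceID), lic.Signature)
}

// NewDemoKey creates a throwaway P-256 key pair for this example.
func NewDemoKey() *ecdsa.PrivateKey {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return priv
}

func main() {
	priv := NewDemoKey()
	lic, _ := Mint(priv, "BCDFG-HJKMP-QRTVW-XY234-6789B", "device-A") // constructed key and device IDs
	fmt.Println(Verify(&priv.PublicKey, lic, "device-A"), Verify(&priv.PublicKey, lic, "device-B"))
}
```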

Key Features

  • Base24-Encoded 5×5 Keys – Compact, human-readable, error-resistant key format supporting up to 120 bits of entropy.

  • Asymmetric ECDSA Signatures – Each key is digitally signed using the platform’s private key and verified locally using the public key.

  • Offline Verification – No external network dependency; suitable for air-gapped military, industrial, or lab systems.

  • Device Locking – Optionally binds the key to a hardware fingerprint to prevent redistribution or cloning.

  • Key Versioning & Rotation – Supports multiple signing authorities and evolving crypto suites without breaking old installations.

  • Encrypted License Payloads – Embedded product metadata (edition, expiry, features) encrypted and integrity-checked at runtime.

  • Developer SDK – Cross-platform library enabling integration with desktop, server, and embedded products.

  • Telemetry Opt-In – Optional anonymised activation tracking for analytics and support.
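
The 5×5 key format can be illustrated with a Base24 codec. This is an added example, not CITADEL's implementation: the alphabet and the 14-byte payload size are assumptions (25 symbols from a 24-character alphabet hold about 114.6 bits, so 112 bits is the largest whole-byte payload that always fits).

```go
package main

import (
	"fmt"
	"math/big"
	"strings"
)

const Alphabet = "BCDFGHJKMPQRTVWXY2346789" // assumed alphabet: no vowels, no 0, 1 or 5
const PayloadLen = 14                        // 112 bits, largest whole-byte size below 24^25

// EncodeKey renders a 14-byte payload as five dash-separated groups of five symbols.
func EncodeKey(payload []byte) (string, error) {
	if len(payload) != PayloadLen {
		return "", fmt.Errorf("payload must be %d bytes", PayloadLen)
	}
	n, rem, sym := new(big.Int).SetBytes(payload), new(big.Int), make([]byte, 25)
	for i := 24; i >= 0; i-- { // least significant symbol is written last
		n.DivMod(n, big.NewInt(24), rem)
		sym[i] = Alphabet[rem.Int64()]
	}
	s := string(sym)
	return strings.Join([]string{s[0:5], s[5:10], s[10:15], s[15:20], s[20:25]}, "-"), nil
}

// DecodeKey rejects wrong lengths, unknown symbols and values above 112 bits.
func DecodeKey(key string) ([]byte, error) {
	s := strings.ToUpper(strings.ReplaceAll(key, "-", ""))
	if len(s) != 25 {
		return nil, fmt.Errorf("key must contain 25 symbols, got %d", len(s))
	}
	n := new(big.Int)
	for _, c := range s {
		d := strings.IndexRune(Alphabet, c)
		if d < 0 {
			return nil, fmt.Errorf("invalid symbol %q", c)
		}
		n.Mul(n, big.NewInt(24)).Add(n, big.NewInt(int64(d)))
	}
	if n.BitLen() > PayloadLen*8 {
		return nil, fmt.Errorf("value exceeds %d bits", PayloadLen*8)
	}
	return n.FillBytes(make([]byte, PayloadLen)), nil
}

func main() {
	key, _ := EncodeKey([]byte("constructed-14")) // constructed 14-byte sample payload
	fmt.Println(key)
}
```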

Security & Compliance Alignment

CITADEL applies Zero-Trust and cryptographic verification principles aligned to:

  • NIST FIPS 186-4 / 140-3 – Digital signature and cryptographic module validation

  • ISO 27001 / 27017 / 27018 – Information and cloud security controls

  • UK MoD JSP 440 / 604 – Secure information infrastructure standards

  • GDPR / UK Data Protection Act 2018 – Lawful processing of identifiable activation data

  • BSI PAS 754 – Software trustworthiness and lifecycle integrity

All private keys are stored in Hardware Security Modules (HSMs) and never leave the secure boundary of the minting authority.

Deployment Model

  • Clean-Cloud (Azure) – Managed service with regional redundancy and automated key lifecycle management.

  • Private Mint Authority – Standalone deployment for classified or sovereign customers.

  • Hybrid Mode – Public issuance with offline verification endpoints for internal use.

  • Developer Integration Kits – Plug-and-play SDKs for .NET, C++, Go, and Python.

Use Cases

  • Defence & Government Software – Air-gapped license enforcement for secure mission systems.

  • Enterprise SaaS / On-Prem Products – Hybrid activation across online and disconnected installations.

  • Embedded & Industrial Devices – Tamper-resistant licensing for firmware or machine-bound deployments.

  • Research & Simulation Tools – Controlled academic or partner access with expiration and usage logging.

Strategic Value

Project CITADEL establishes AIC’s sovereign licensing and trust infrastructure, ensuring that every distributed component — from fielded defence software to commercial SaaS — can prove its authenticity without external dependency.

By replacing fragile serial-number models with cryptographically verifiable proof-of-use, CITADEL reinforces software supply-chain integrity, supports digital sovereignty, and provides audit-ready compliance for customers operating in regulated, high-assurance environments.

It is not merely a licensing service — it is a trust anchor for the next generation of secure software distribution.

Let’s Shape the Future of Industry Together

Strategic consultancy, secure technology, and mission-ready expertise: connect with AIC to deliver change where it matters most.
