I have a Windows Excel workbook (VBA) that calls a Python FastAPI server (business logic is server-side). The current version works, but I need it converted into paid, production-grade software with the maximum possible security on the client side to prevent unauthorized usage and bypassing. I’m a developer but not a cybersecurity expert. I want you to design and implement a strong licensing + anti-tamper system.

Write "read" in your first line of your proposal.

Current setup
- Excel (VBA) client on Windows
- FastAPI server (Python)
- VBA currently calls server directly

What I need (must-have)

Paid licensing enforcement
- Users must be licensed/paid before usage is allowed
- Support: active / expired / revoked / banned

Maximum security client architecture
- I strongly prefer moving all security + API calls out of VBA into a signed Windows component (C++ or C#) that Excel calls locally.
- VBA should not contain any secrets or auth logic.

Anti-bypass requirements
Your solution must be designed to resist:
- copying a “device hash” from another user (static spoofing)
- request forging (calling the API outside the official client)
- replay attacks
- token theft reuse
- basic patching/tampering of the client

Server-side enforcement (FastAPI)
- Implement secure activation + challenge-response flow (no static “hash check”)
- Short-lived sessions/tokens
- Server logging and ability to revoke access instantly

Deliverables
- Updated Excel file + VBA integration (minimal VBA changes preferred)
- Windows security component (C++/C#) + installer
- Updated FastAPI endpoints + DB schema for licensing/devices/sessions/logs
- Short security notes (what attacks are mitigated + what is out of scope)

Acceptance Criteria
- Unlicensed user cannot use core features
- License revocation immediately blocks usage
- Copying another user’s device ID/hash is NOT enough to activate
- API calls must require server-issued challenge/response (no static auth)
- Logs show activations + failed attempts

Important
After delivery, I will hire a separate freelancer to attempt bypass/testing. Any bypass findings must be fixed as part of the project.

In your bid, explain:
- Your proposed architecture (C# vs C++)
- How you will bind licensing to a device securely (high-level)
- What anti-tamper methods you will use
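
An added example, not part of the original posting or the poster's code: a server-side sketch in Python of the challenge-response check the acceptance criteria describe, covering single-use challenges, expiry, revocation and logging. The names (LicenseServer, sign, CHALLENGE_TTL), the in-memory storage, and the choice of HMAC-SHA256 with a per-device secret provisioned at activation are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

CHALLENGE_TTL = 30  # seconds a challenge stays valid (assumed value)

def sign(key, nonce, request_body):
    # Binds the response to this challenge and to this exact request payload.
    msg = nonce.encode() + b"\n" + request_body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class LicenseServer:
    """Hypothetical in-memory stand-in for the devices/challenges/logs tables."""
    def __init__(self):
        self.devices = {}     # device_id -> {"key": bytes, "status": str}
        self.challenges = {}  # nonce -> (device_id, expires_at)
        self.log = []         # (event, device_id) audit trail

    def activate(self, device_id):
        # Secret is generated server-side once; the signed client component
        # is assumed to keep it in protected storage, never in VBA.
        key = secrets.token_bytes(32)
        self.devices[device_id] = {"key": key, "status": "active"}
        self.log.append(("activated", device_id))
        return key

    def issue_challenge(self, device_id, now=None):
        now = time.time() if now is None else now
        nonce = secrets.token_hex(16)
        self.challenges[nonce] = (device_id, now + CHALLENGE_TTL)
        return nonce

    def verify(self, device_id, nonce, request_body, mac, now=None):
        now = time.time() if now is None else now
        # pop() makes every challenge single use, so a captured response
        # cannot be replayed even inside the TTL window.
        issued = self.challenges.pop(nonce, None)
        dev = self.devices.get(device_id)
        ok = (issued is not None and issued[0] == device_id
              and now <= issued[1]
              and dev is not None and dev["status"] == "active"
              and hmac.compare_digest(mac, sign(dev["key"], nonce, request_body)))
        self.log.append(("ok" if ok else "denied", device_id))
        return ok
```

Because the status check runs on every request, setting a device's status to anything other than "active" blocks its next call, and a caller who knows only the device ID cannot produce a valid response.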