The product should validate the license keys with the corresponding public key. The signatures should be part of the license key. Your license keys should be in fact signed 'documents', containing some useful data, signed with your company's private key. The answer is simple but technically challenging: digital signatures using public key cryptography.