A certain automation system vendor uses proper USB license dongles in their PC software but they do not do challenge-response authentication. Instead they send a hardcoded string to the dongle and compare the response against a list that contains various software feature levels.

The whole automation system including machinery costs anywhere from 200k to 1M yet Vendor™ tries to milk the customers dry with a 1.5k software license that lets you manage up to 254 physically* connected systems. I'm pretty sure the license dongle is in reality designed to prevent casual tinkering of parameters, which is something only service techs should do.

*You can circumvent this with serial-over-Ethernet converters, which has resulted in an Industrial Internet of Shit-level security nightmare as companies happily expose their systems over the internet, thinking that license dongles are a substitute for authentication.