I was thinking more along the lines of binding the security into the
bound program, not a service program.
Also, the signature isn't quite enough - you'd have to do a
man-in-the middle attack, although that's pretty simple. Just write
your own procedure with the same signature that calls the existing procedure, and record the inputs and outputs until you figure out how
to respond affirmatively to a challenge.