Abstract: A system and method for controlling unauthorized access to software distributed to a user by a vendor in which a verification key is generated by a product key generator and either embedded in the software prior to distribution or packaged with the software as a self-installing package. The verification key includes a private signing key and a public verification key. The combination of the software and the verification key create distributable software which is distributed to a user. The user installs the software on a user computer system as protected software. To obtain a user key, the user inputs user identifying information which is sent to a user key generator. The user key generator converts the user identifying information to a numeric representation and then generates, by signing the numeric representation with the private signing key, a user key, which is returned to the user.