A method and system is provided for validating software code provided to a user entity by a software provider. In general terms, the user entity encrypts first data, provides it to the software provider, and receives back an indication that the code is valid only if the software provider has been able to correctly decrypt the encrypted first data, such decryption only being possible using an appropriate decryption key provided by a party with rights in the software code. More particularly, the user entity encrypts the first data using, as encryption parameters, both an encryption key string comprising said software code or a representation thereof, and public data of the aforesaid party. A decryption key appropriate for correctly decrypting the encrypted first data is generated from the encryption key string and provided to the software provider only if the software code provided to the user entity is valid.