Controlling unauthorized access to software distributed to a user by a vendor. A verification key is generated by a product key generator and either embedded in the software prior to distribution or packaged with the software as a self-installing package. The verification key includes a public verification key. The combination of the software and the verification key create distributable software which is distributed to a user. The user installs the software on a user computer system as protected software. To obtain a user key, the user inputs identifying information, which may be for the user or for a group, which is sent to a user key generator. The user key generator converts the identifying information to a numeric representation and then generates, by signing the numeric representation with the private signing key, a user key, which is returned to the user. Using the verification key, a user key verifier verifies a relationship between the user key and the identifying information to determine an access level to the protected software. The system verifies the relationship between the user key and the identifying information every time the software is run to ensure continued protection of the software after installation.