the best way is to generate a key based on the hardware values of the machine. so take the amount of ram, processor type, speed, mac address, bios version, etc. Once you have all those values use them to generate a hash. Each user should also have a unique ID for their purchase. When the software is first used it should send the user ID and hash to your server. Each time the software is run (and at various times while its running) the software should send both these IDs to the server. If the hash does not match the hash that corresponds to the user ID then access to the software is denied. If a user changes their hardware or wants to install on a different machine they should be able to submit a request to reset their hash. Also make sure you use SSL for the licensing communication and obfuscate your code if possible. you can also add the domain name the script is running from to the data used for the hash if you want to lock it to a domain