Software Piracy Protection

Software piracy is the practice of copying and using a software product without the permission of its owner or developer. Although most computer users today are aware that unauthorised use and duplication of software is illegal, many still show a general disregard for the importance of treating software as valuable intellectual property. According to the Business Software Alliance (BSA) 2001 Report on Global Software Piracy, business software applications accounted for worldwide revenues of $21.6 billion in 2000.

Various categories of software piracy include:

Soft-lifting: purchasing a single licensed copy of software and loading it onto several computers, contrary to the license terms. For example, sharing software with friends, co-workers and others.
Uploading and downloading: making unauthorised copies of copyrighted software available to end users connected by modem to online service providers and/or the Internet.
Software counterfeiting: illegally duplicating and selling copyrighted software in a form designed to make it appear legitimate.
OEM unbundling: selling stand-alone software that was intended to be bundled with specific accompanying hardware.
Hard disk loading: installing unauthorized copies of software onto the hard disks of personal computers, often as an incentive for the end user to buy the hardware from that particular hardware dealer.
Renting: unauthorised selling of software for temporary use, like you would rent a video.

Software pirates can be divided into several categories:

Dealers selling hardware pre-loaded with illegal software
User organisations making unauthorized copies of software for internal use
"Professional" software counterfeiters
Competitors using unauthorised software copies to develop competing products
Hackers’ web sites offering illegal software to users
Any individual who makes an unauthorized copy of someone else's software program

Software vendors can get more business from their existing customers and see an increase in the number of seats sold per site by taking appropriate measures to safeguard their products.

Software Protection

The term software protection is used to describe all the methods that a software vendor can use to ensure that users can run only those copies of software that have been legally purchased. It is important to note that there is no such thing as a perfect software protection mechanism. Ultimately, if software pirates want to run your software, they will. The aim of software protection, then, is to make the effort of illegally running a program more expensive than a license to run the program.

While the direct objective of software protection has always been of a preventive nature, today the quality of software protection is also measured by the broadness of the solution and its ability to answer further software commerce needs.
A good software protection solution will not only enable software vendors to increase their revenues, but also gain remote control over their software and its distribution and channel management. It should also enable innovative sales opportunities and flexible licensing capabilities, which give vendors the freedom to concentrate on doing business without the worries of license violations.

Software Protection Methods

Two major forms of control mechanisms can be used to create the incentives for obtaining the software legally and penalties or disincentives for using the software illegally.

Legal and Marketing Control Mechanisms

Software license agreements and copyright law are being used to prevent software piracy. Of the two legal control mechanisms copyright law is the more important. It covers all software automatically.

However, these control mechanisms do not prevent a user from inadvertently or intentionally copying the unauthorised software. The power of these mechanisms is in the legal remedies available to software suppliers against software pirates. Software publishers and suppliers are also using various marketing and educational control mechanisms to reduce the incidence level of software piracy. These include volume discounting, site licensing, strong focus on customer support, teaching that software theft is wrong, etc. This kind of control may prevent accidental use of unauthorised software by end users, but it will not stop software pirates. So because marketing and legal measures do have value, you should always use them, but never rely on them. They cannot help you when it comes to individual unauthorised users who, on their own, can cause huge damage.

Technology-Based Control Mechanisms

Technology-based control mechanisms include all programs and devices that prevent the unauthorised use of software. This form of protection has much going for it—unlike legal mechanisms it cannot simply be ignored, and it is often cheaper to implement. Technological mechanisms use an encryption process or other protective measures to protect the software.

The most common approaches are: making copy-resistant distribution disks, access locks, hard-coded numbers in computer memory, software resident inside a ROM chip and copy protection security devices, also known as dongles.
This form of control will prevent accidental use of unauthorised software by the end user. In some cases these methods will also prevent software pirates, depending on the strength of the control mechanism.

Technological protection comes in two forms: software and hardware, the latter being a much stronger mechanism, aimed at combating software pirates. Today, software-based copy-protection is associated with license management systems and license files. The strength of these systems, however, is in their licensing capabilities.
Many software-based copy protection vendors offer a hardware-based copy-protection key when it comes to enhancing the protection level of their security solutions.

Hardware-Based Software Protection Keys

Hardware-based copy protection systems offer the best, most proactive solution for software vendors. These systems offer the most secure solution while placing a minimum burden, if any, on the software user. There are two major types of hardware-based solutions, which differ in strength: EEPROMs and the much stronger ASIC-based solutions.

Electrically Erasable Programmable Read-Only Memory (EEPROM) is a standard memory chip that can be purchased off the shelf. Dongle vendors that use these chips will often mask them in an attempt to physically conceal their identity and the known technology. EEPROM contents are almost always readable via software and they generally contain plain data that make it possible to emulate the process with a software patch. EEPROM-based copy-protection keys are "dumb" devices that let you store data. This is because validating the presence of the device in order to determine whether the user is authorised is summed up in a simple operation of reading what is stored on the EEPROM and comparing it to an expected value.

ASIC-Based Devices

Application Specific Integrated Circuit (ASIC) is a chip designed for a special application and cannot be purchased from just any electronics store. An ASIC can be pre-manufactured for a special application or it can be custom manufactured (typically using components from a "building block" library of components) for a particular customer application. This is an extremely secure technology because only the company that designed and manufactured it knows the technology. Microcontrollers also fall under this category.
Both ASIC-based and microcontroller-based keys are referred to as "intelligent" devices because they can deploy encryption. ASICs have an on-chip encryption engine designed within their logic. Microcontrollers activate an encryption algorithm that is burned into an internal EEPROM.

Encryption – the Heart of Software Protection

The way to validate that a user is legally using a software application is to protect it with a hardware-based key and to verify that the key is connected to the user’s computer during the application’s runtime.

There are two ways to perform the verification:

Send the key a query and check the response; if the response is as expected, then the key is present. This approach is fundamentally insecure. Checking for an expected response can be easily hacked and removed, leaving the application bare of protection.
The other method, the most secure, is to "use" the key (as opposed to checking it) to decrypt encrypted strings or text and to deploy those within the application. As a result the application will run properly, if at all, only when the strings are decrypted properly, i.e. when the right key is connected to the computer.

Any method of encrypting text is referred to as a cipher. The resulting encrypted text is referred to as ciphertext. Some ciphers work by simply realigning the alphabet (for example, A is represented by F, B is represented by G, and so forth) or otherwise manipulating the text in some consistent pattern. However, almost all serious ciphers use an encryption key, which is a variable that is combined in some way with the unencrypted text, and an algorithm, which is a formula for combining the key with the text.
There are two categories of ciphers: stream and block.
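The two verification methods described above can be compared side by side in a small simulation. This is an added example, not code from the original page or from any vendor: the SimulatedKey class, the use of HMAC-SHA256 as a stand-in for the key's on-chip engine, the function names and all sample data are assumptions made for illustration.

```python
import hashlib
import hmac

class SimulatedKey:
    """Stand-in for a hardware key; the secret stays inside the device."""
    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, query: bytes) -> bytes:
        # Assumption: HMAC-SHA256 plays the role of the on-chip engine.
        return hmac.new(self._secret, query, hashlib.sha256).digest()

def keystream(key: SimulatedKey, label: bytes, length: int) -> bytes:
    """Stretch key responses into `length` bytes using a counter."""
    out, counter = b"", 0
    while len(out) < length:
        out += key.respond(label + counter.to_bytes(4, "big"))
        counter += 1
    return out[:length]

def seal(key: SimulatedKey, label: bytes, data: bytes) -> bytes:
    """XOR data with the key-derived stream; calling it again reverses it."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, label, len(data))))

# Constructed sample values. APP_DATA is something the program needs to work.
APP_DATA = b"rate_a=0.175;rate_b=0.05"
VENDOR_KEY = SimulatedKey(b"constructed-demo-secret")
QUERY = b"are-you-there"
EXPECTED = VENDOR_KEY.respond(QUERY)             # method 1 ships this constant
SEALED_DATA = seal(VENDOR_KEY, b"cfg", APP_DATA)  # method 2 ships only this

def run_checked(key, check_removed=False):
    """Method 1: one comparison guards data that is stored in the clear."""
    present = key is not None and hmac.compare_digest(key.respond(QUERY), EXPECTED)
    if not (present or check_removed):
        return None
    return APP_DATA  # nothing past the comparison depends on the key

def run_keyed(key):
    """Method 2: no comparison; the key's output is needed to recover the data."""
    if key is None:
        return None
    return seal(key, b"cfg", SEALED_DATA)
```

With check_removed=True the first method returns the data without any key, while the second method returns the correct data only when the right key answers; a wrong key yields unusable bytes rather than a refusal that could be skipped.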

Stream Cipher

A stream cipher is a method of encrypting text in which a cryptographic key and an algorithm are applied to each binary digit in a data stream, one bit at a time. This method is not used much in modern cryptography.

Block Cipher

Another method, used much more frequently, is the block cipher. A block cipher is a type of symmetric-key encryption algorithm that transforms a fixed-length block of data at once (as a group rather than one bit at a time) into a block of ciphertext (encrypted text) data of the same length. This transformation takes place under the
action of a user-provided secret key. Decryption is performed by applying the reverse transformation to the ciphertext block using the same secret key.

Cipher Block Chaining

Associated with block ciphers are cryptographic modes, which combine the basic cipher, some sort of feedback, and some simple operations. One mode of operation for a block cipher is the Cipher Block Chaining (CBC) mode. Cipher Block Chaining uses what is known as an initialization vector (IV) of a certain length. One of its key characteristics is that it uses a chaining mechanism that causes the decryption of a block of ciphertext to depend on all the preceding ciphertext blocks. As a result, the entire validity of all preceding blocks is contained in the immediately previous ciphertext block.


Business Insight
Central Library, Chamberlain Square, Birmingham. B3 3HQ
Tel: 0121 303 4531 Email: business.library@birmingham.gov.uk
www.birmingham.gov.uk/businessinsight
www.bestforbusiness.com