A method and system for determining whether a client is attempting to copy an application or use the application without authorization. First, data for at least one prediction log file for the application is created. Then, based on the at least one prediction log file, prediction knowledge is determined for the application, where the prediction knowledge is stored in a prediction file. The prediction file is then forwarded to the client executing the application. It is then determined by using the predication file whether the client is attempting to copy the application or use the application without authorization. If the client is attempting to copy the application or use the application without authorization, then the client's access to the application is terminated. In an offline mode, usage information is bound to user saved data such that modification of usage information renders user saved data unusable. This prevents unauthorized access to an offline delivered application.