Validation of user entitlement to game play

The invention claimed is: 1. A method for validating a user's entitlement to play a game, the method comprising: at a validation service, receiving a request for the user to play the game, wherein the request to play the game includes an obfuscate-encoded bundle including a signed user ID identifying the user, a signed hardware ID of a computing machine on which the game is requested to be played, and a signed receipt; decoding the obfuscate-encoded bundle; determining whether the request to play the game is valid according to a plurality of security checks including determining that one or both of the signed hardware ID and the signed user ID respectively match a hardware ID and/or a user ID included in the signed receipt; and if the request to play the game is valid, sending an authentication token to the computing machine that allows the user to play the game on the computing machine. 2. The method of claim 1 , further comprising: if the request to play the game is invalid, preventing the user from playing the game on the computing machine. 3. The method of claim 1 , further comprising: for every qualifying game action of the game, receiving a request to perform the game action, wherein the request to perform the game action includes the obfuscate-encoded bundle; determining whether the request to perform the game action is valid according to the plurality of security checks including determining that the signed hardware ID or the signed user ID matches the hardware ID or the user ID included in the signed receipt; and if the request to perform the game action is valid, allowing the game action to be performed. 4. The method of claim 3 , wherein the game action includes at least one of granting to the user an achievement for the game, updating a leader board of the game, or storing a game statistic of the user. 5. The method of claim 1 , wherein the plurality of security checks includes comparing the signed hardware ID in the request to play the game with signed hardware IDs of previous requests for the user to play the game in order to determine a number of computing machines on which the user has played the game, if the number of computing machines on which the user has played the game is greater than a computing machine threshold, determining that the request is invalid, and if the request is invalid, preventing the user from playing the game on the computing machine. 6. The method of claim 1 , wherein the plurality of security checks includes one or more of determining that digital signatures of the signed user ID, the signed hardware ID and the signed receipt are valid, determining that a receipt issue time of the signed receipt is within a validity interval, and determining that a title ID of the game included in the signed receipt matches a title ID of the game included in the obfuscate-encoded bundle. 7. The method of claim 1 , wherein a digital signature of the signed hardware ID, a digital signature of the signed user ID, and a digital signature of the signed receipt are signed by services included in a same computing platform. 8. The method of claim 1 , wherein the signed hardware ID includes a component name and an ID for each of a plurality of components of the computing machine. 9. The method of claim 1 , wherein the computing machine executes a sandbox environment type operating system without direct hardware access and without administrator level access. 10. A method for validating a user's entitlement to play a game, the method comprising: at a validation service for every qualifying game action of the game, receiving a request to perform the game action, wherein the request to perform the game action includes an obfuscate-encoded bundle including a signed user ID identifying the user, a signed hardware ID of a computing machine on which the game action is requested to be performed, and a signed receipt; decoding the obfuscate-encoded bundle; determining whether the request to perform the game action is valid according to a plurality of security checks including determining that the signed hardware ID and the signed user ID respectively match a hardware ID and a user ID included in the signed receipt; and if the request to perform the game action is valid, allowing the game action to be performed on the computing machine. 11. The method of claim 10 , further comprising: if the request to perform the game action is invalid, preventing the game action from being performed on the computing machine. 12. The method of claim 10 , further comprising: if the request to perform the game action is valid, sending an authentication token to the computing machine that allows the user to play the game on the computing machine. 13. The method of claim 10 , wherein the game action includes at least one of launching the game, granting to the user an achievement for the game, updating a leader board of the game, or storing a game statistic of the user. 14. The method of claim 10 , wherein the plurality of security checks includes one or more of determining that digital signatures of the signed user ID, the signed hardware ID and the signed receipt are valid, determining that a receipt issue time of the signed receipt is within a validity interval, and determining that a title ID of the game included in the signed receipt matches a title ID of the game included in the obfuscate-encoded bundle. 15. The method of claim 10 , wherein a digital signature of the signed hardware ID, a digital signature of the signed user ID, and a digital signature of the signed receipt are signed by services included in a same computing platform. 16. The method of claim 10 , wherein the signed hardware ID includes a component name and an ID for each of a plurality of components of the computing machine. 17. The method of claim 10 , wherein the computing machine executes a sandbox environment type operating system without direct hardware access and without administrator level access. 18. A method for validating a user's entitlement to play a game, the method comprising: at a validation service, receiving a request including an obfuscate-encoded bundle including a signed user ID identifying the user, a signed hardware ID of a computing machine from which the request is sent, and a signed receipt; decoding the obfuscate-encoded bundle; comparing the signed hardware ID in the request with signed hardware IDs of previous requests for the user as identified by the user ID in order to determine a number of computing machines on which the user has played the game; and if the number of computing machines on which the user has played the game is greater than a computing machine threshold, preventing the user from playing the game on the computing machine. 19. The method of claim 18 , further comprising: if the number of computing machines on which the user has played the game is not greater than the computing machine threshold, allowing the user to play the game on the computing machine. 20. The method of claim 18 , wherein the signed hardware ID includes a component name and an ID for each of a plurality of components of the computing machine.