Software protection

Bernstein DRM

Bernstein DRM protects Windows x86_64 software by avoiding the usual static target: the protected code is compiled and linked on demand for a specific authenticated runtime instance.

How It Works

The launcher uses a small client library for networking, TPM authentication, and loading. Product logic stays on the server side.

When a product is loaded, the server compiles an intermediate representation, specializes it for the target, applies obfuscation, and links it with a runtime agent. The final output is just-in-time linked before it is delivered to the client.

Protection Model

Bernstein can bind generated code to hardware, OS version, process state, and application-specific runtime information. Integrity failures can stop execution immediately or trigger delayed cascading faults that are difficult to isolate.

Non-latency-critical control flow can be automatically lifted onto the server, making initialization and configuration logic dependent on server-side decisions rather than a removable local branch.

Extensibility

A plugin system allows protection to be informed by the protected product itself. Plugins can influence compilation with application-specific knowledge, such as runtime state.

Licensing

If you are interested in licensing this DRM for on-premise use, please contact us with information on the product you wish to protect.