Endpoint Encryption

I want to put our company's analysis software on a USB drive and ecrypt it. Then send it to a customer so they can attach the USB drive to a host or VM in their network that has their confidential data stored locally or in the image. I would then remote into that host or VM on a secure monitored VPN connection, point the software at their data for analysis, and provide the analysis results. The keys in this situation being, they cannot let their confidential data out of their network, and we want to provide them with a demonstration of what our software can do as a prospective buyer. However we need to make absolutely sure they cannot copy our software if they choose not to purchase. 

I am evaluating Symantec Encryption Desktop, but the only way I see to do this with this software suite is for the prospective customers to purchase the same software and have it installed on the demonstration machine. I could encyrpt the USB drive, mail it to them, and then decrypt it while I do the demo, However even if I delete the software after the demo, it's still possible to recover our software once it's been decrypted and deleted. I need a solution where the remote location does not need the encryption software installed and I can run the application without decrypting it. Is this possible?

Thanks in advance for any input on this problem. 

Do you run the application from USB or copy it to local system for demonstration. ?

Is your requirement to keep the data encrypted on USB until it is accessed for demonstration ?

I would suggest to also test this requirment with Symantec Endpoint Encryption Removavle Storage (SEE-RS).

It could be copied from the USB or remain there, that's not the issue. I need the software to never be decrypted, but still be able to run the software. Symantec Encryption Desktop did this perfectly, however each customer would be forced to buy a license and install encryption desktop just to get a demonstration of our software. I need to be able to run the software in it's encrypted state without forcing the customer to buy a license.

I will look at the other software you mentioned.

Why do you need it to be encrypted?  If its a software for potential clients it seems to me your main aim is to prevent them from copying the application onto their machines.  You just want to get copy protection usb sticks.

True, copy protected portable media would keep them from directly making a copy of the software. However if it is unencrypted, a potential client's software engineers would still be able to look at the code and reverse engineer it at a later date.

The demonstration process will be done remotely. In other words, we'll send them portable media before the demonstration. Then one of our engineers will remote into their network where the confidential data resides and run the analysis. Then they will send the portable media back to us. That leaves plenty of time and opportunity to analyze the code and reverse engineer it at a later date.

Those are quite a unique set of requirements.

Could you just use PGP Zip?  That would then have the program in an encrypted format, encrypted to a password.  When when the engineer remotes in to do this analysis, they can just extract it to the disk.  What you could then do is have another nuke utility to wipe the entire USB stick securely (copy the nuke utility to remote pc then nuke the USB stick.

So Copy Protection + PGP Zip + USB Nuke utility all together I think you have all bases covered.

OK, I'll submit that to the engineer and see what he thinks. Thanks for your time.