Method, system, and computer program products for identifying potentially
fraudulent receivers of digital content. A receiver authenticates to an
auditing service with data that should be unique to the receiver. The
auditing service detects when multiple receivers attempt to authenticate
with the same data, suggesting that a receiver has been cloned or
duplicated. The audit service also detects when a receiver authenticates
improperly, suggesting an unsuccessful and unauthorized attempt to
duplicate an authorized receiver. Individual receivers may be networked
together. To help protect a receiver's authentication data from
tampering, at least a portion of the data may be digitally signed with a
private key. The audit service may then verify the digital signature with
a corresponding public key. Varying the order in which data is signed or
where the data is stored from one receiver or group of receivers to
another may provide an additional level of security.