A secure content receiver includes a processing unit operable to request a data file from a remote device, to provide a first encryption key to the remote device, and to receive the requested data file and a key object from the remote device. The received data file is encrypted using the first encryption key. The key object imposes restrictions on the decryption of the data file. The receiver further includes a first security module that is coupled to the processing unit and that is operable to decrypt the data file according to the restrictions imposed by the key object.