Do you understand the comments of a one layered scheme verse a dual layer scheme ?

lets say the content belongs to you...

TDL manager...

If you have some content you would like me to protect for you....you can hand your ``pre encrypted content`` to me with keys and I will load them on an IFE device...if you like you can supply your own decryptor to decrypt the files....or you can send it to us utilizing a standard encryption process and we will implement the decryptor...we use ``a physically secure FIPS 140-1, level 2-compliant hardware device to perform authentication and encryption key storage``

Your files sit on the TDL in your encrypted state.

OR..DigE..

If you have some content you would like me to protect for you....you can hand your ``pre encrypted content`` to me with keys and I will load them on an IFE device...if you like you can supply your own decryptor to decrypt the files....or you can send it to us utilizing a standard encryption process and we will implement the decryptor...we use ``a physically secure FIPS 140-1, level 2-compliant hardware device to perform authentication and encryption key storage``

Your files sit in yet again a second scheme of encryption...as they sit in the DigE....we will match our authentication process to your File decryptor process...so that you can retrieve the files necessary for decryption from our protection scheme.....by doing that your protection scheme stays intact..unknown to others....we do not manage your keys if we implement your supplied...key management/file decryptor hardware.

Take your pick

doni