Secondary content in encrypted for distribution to client terminals by selecting at least a portion of raw encrypted audio-video data (REAVD) that is provided on a media article as an encryption key, encrypting secondary content using the encryption key, and storing encrypted secondary content at a remotely located host. The media article can then be used for providing access to the encrypted secondary content to client terminals by receiving encrypted secondary content at a client terminal, extracting a decryption key from a media article encoded with REAVD, the decryption key being determined by at least a portion of the REAVD, using the decryption key to decrypt the secondary content, and outputting the decrypted secondary content from the client terminal.