Here there is some hole in the process if what you kust described is correct. In order for both party of the communication understand to each other, they need to use handshaking protocols. If they use symmetric alogrithm for encrypting the data between them, they need to use the same key. If the key is embedded in the software, it will be found out later just like how AACS is broken. If they generate the key on the fly, someone can then monitor that process and get the key in the same way, so I think that the best business approach is to giving up the old thinking and find some other way.