Recent advances in digital signal processing techniques and, in particular, advancements in digital compression techniques, have led to an abundance of proposals for providing new digital services to the customer's home via existing telephone and coaxial cable lines. For example, proposals have been made to provide hundreds of CATV channels to customers by compressing digital video, transmitting the compressed digital video over conventional coaxial CATV cables, and then decompressing the video at the customer's set top unit. Another proposed application of this technology is a "movie on demand" video system in which a customer communicates directly with a video service provider via the telephone lines or coaxial CATV cables to request a particular video program from a video library, and the requested video program is routed to the caller's home via the telephone lines or via the coaxial CATV cables for immediate viewing.
Such an exemplary system typically has three distinct segments: (1) a service provider (SP), which provides the video, audio, interactive games and the like (collectively referred to hereinafter as "programs") to the system; (2) a customer, who purchases the programs from the service provider; and, (3) a network operator, which provides a transmission path or connection between the SP and the customer for delivery of the programs. A layer of complexity is added to the operation and design of the system if the network operator is defined as a telephone company by the Federal Communications Commission (FCC). In such a case, the network operator is subject to regulation under the jurisdiction of the FCC. The system will then be further categorized into Level 1 services (L1) and Level 2 services (L2). Level 1 services provide the information session connection and define the portion of the system responsible for setting up and maintaining interactive communication sessions between customers and SPs. Level 1 services are provided by the network operator and are regulated by the FCC. Level 2 services, on the other hand, define the portion of the system responsible for providing the programs requested to the L1 portion of the system from the SP and for terminating the service at the customer end of the network. A provider of Level 2 services is defined by the FCC as an enhanced services provider and is not regulated by the FCC. Significantly, these FCC regulations limit the control a Level 1 services provider may have over Level 2 services.
In a Level 1/Level 2 system, which is under the jurisdiction of the FCC, the SP resides in Level 2 and the control that the SP can exercise over Level 1 services is restricted. However, in any system where a SP is delivering programs to a customer over a network, the SP has a need to prevent the unauthorized access to the programs provided to the customer. For example, a nonsubscriber may attempt to illegitimately receive the programs intended for the use of paying subscribers. This protection of programs through the prevention of unauthorized access is referred to as "conditional access." As used herein the terms "conditional access" and "conditional access layer" broadly refer to the control mechanisms, data structures and commands that provide for selective access or denial of specific services. Prior art systems have provided conditional access by encrypting the programs at the SP site and decrypting the programs at the customer site.
For example, Lee et al., U.S. Pat. No. Re. 33,189, discloses a system using an encryption mechanism for providing conditional access in a satellite television system and is hereby incorporated by reference. In Lee, a program is scrambled at a SP site using a frequently changing random number. The random numbers are encrypted with a key and broadcast along with the program to customer sites. Customers who have paid receive the key, encrypted with the unique ID that is embedded in their set top unit (STU). These customers' STUs can decrypt the key using the unique ID embedded therein. The customers' STU can then decrypt the encrypted random numbers, as they are broadcast, and use the random numbers, along with the key, to decrypt the program. As noted above, the key in the Lee invention must be securely transmitted; otherwise, an unauthorized user could get access to the key and gain access to the broadcast programs. Lee protects the key by using the unique ID of the STU to encrypt it. Such a technique works fine in a broadcast environment where there is a single broadcaster to multiple users. In that environment, the broadcaster can take adequate measures to protect the list of valid customer STU IDs. However, in a telephone architecture regulated by the FCC, as described above, multiple service providers (i.e., broadcasters) must have access to the multiple users. In such an environment, the list of unique STU IDs is vulnerable to discovery by unauthorized parties, and the security of the system may be breached. Additionally the Lee system is appropriate for a broadcast environment in which the SPs have the only reasonable means to address the STUs. Therefore, the system is not susceptible to compromise by unauthorized users addressing the STUs. However, in a digital network environment where STUs are uniquely addressable, and multiple SPs have access to multiple STUs, an unauthorized user could put information on the network addressed to individual STUs and thereby compromise the system. Applicants have recognized that a conditional access system in a digital network environment must have a mechanism that allows the STU to authenticate the identity of the SP. Thus, applicants have recognized that an improved encryption technique is needed.
Moreover, while encryption has provided conditional access, the problem of where to perform the conditional access in an FCC regulated system remains unresolved. Applicants have recognized that a solution that performs the conditional access within the L1 portion of the system is unnecessarily complicated by FCC regulation.
Applicants have recognized that conditional access should be performed while a program is still in control of the Level 2 service provider, i.e., before it is delivered to the L1 portion of the system. Access to the program and vital conditional access information can be closely controlled by a service provider. Unfortunately, the file server equipment currently available to service providers does not provide the necessary functionality to perform conditional access before a program is output from the file server. As a result, there is a need for method and apparatus to provide conditional access to a program after it exits a file server, but before it enters the L1 portion of the system.
The problem is complicated further when considered in the context of a typical digital network environment. In such an environment it is expected that the SPs will store programs on file servers in the form of Moving Picture Expert Group (MPEG-2) Systems transport packets, as defined in MPEG-2 Systems International Standards Reference (ISO/IEC JTC1/SC29/WG11 N0801, November 1994, ISO Reference No. 13818-1), which is hereby incorporated by reference. Importantly, although the MPEG-2 Systems International Standards Reference does not standardize on a particular method of conditional access, it does contemplate the addition of conditional access to the MPEG-2 transport packets. Thus, to conform to the MPEG-2 standard, it is necessary that conditional access be added to programs at the MPEG-2 transport packet layer rather than at a higher network protocol layer. However, when a program leaves a service provider's file server, it will not be in a convenient format for applying conditional access. Rather, the program, in the form of MPEG-2 transport packets, will leave the file server enveloped in a first network protocol. Additionally, in some applications, the packets may then need to be re-mapped into a second network protocol to conform to the network protocol provided by the network operator. Thus, in this context there is a need for method and apparatus for removing the MPEG-2 transport packets of a particular program from a first network protocol, providing conditional access to the MPEG-2 transport packets, and then mapping the MPEG-2 transport packets back into the first network protocol or into a second network protocol.