Multicast applications via the Internet are becoming more and more widespread. These include television over IP or video-on-demand applications, where a subscriber may have a long term subscription to a particular service or simply request access to an individual transmission for the duration of that transmission. When a packet-switched network, such as an Ethernet point-to-point access network, is used to provide subscribers with access to multicast traffic services via the Internet or another external network, it is essential that some kind of access control is provided to ensure that only users that have subscribed to the service are permitted access.
One existing control option is the encryption of the multicast traffic flow. Generally, different multicast channels will have a separate encryption key. Subscribers to the encrypted multicast channel are provided with the corresponding encryption key by the multicast service provider. For each multicast channel, the encryption key will be the same for all users. This encryption key may be distributed to the users in a number of ways, for example, on a smartcard or as a software encryption certificate. However, the encryption of such services is not very secure, particularly when a set-top box using an open source operating system is used (such as the Dreambox, which uses Linux). These systems use an open source application program interface (API) to interface with a module that receives the smartcard or credit card. Such systems are generally connected to the Internet; hence by simply and legally modifying the (API), it is possible to access the encryption key and share this key over the internet. Even without the open source option, users with a more advanced understanding of encryption may also be capable of deciphering an encryption key, particularly when both the encrypted and the non-encrypted data streams are available, as is the case when a set-top box is used with a valid smart card.
A more secure manner of controlling access to multicast traffic is a port-based control. This requires an access node of the access network to hold a list of the access rights of connected subscribers to the various multicast services. The subscriber is identified by the physical Ethernet or ADSL port number of the access node to which it is attached. While such a control is effective, the administration required to maintain an access list for each physical port of an access node is very burdensome. Every change in the services offered must be registered in all access nodes carrying a list of access rights. For example, when a multicast service provider offering a bundle of TV channels needs to modify the composition of this bundle by adding or removing channels, this information must be updated on all access lists.
Moreover, while a service provider can be given access rights to an access node (for example using Simple Network Management Protocol, Management Information Base and Command Line Interface SNMP/MIB/CLI) in the absence of any access management system, this access presently permits either read-only rights or full rights to an access node. Providing full access rights would enable access to all access lists, even those from other multicast service providers. Such an option is clearly not desirable.