1. Technical Field
The present invention is generally related to multimedia delivery over the Internet. Particularly, the present invention is related to techniques providing access control of media services offered on an open network, such as the Internet, the Satellite based on a hybrid architecture taking the benefits, features and advantages of both client-server architecture and distributed architecture.
2. Description of the Related Art
Continuous or on-demand media data such as video and audio programs have been broadcasted over data networks (e.g., the Internet). Broadcast of such media information over data networks by digital broadcasting systems provides many advantages and benefits that cannot be matched by current television cable systems or over-the-air broadcasting.
With the media-over-network systems, service providers are often able to draw viewers into an exciting, interactive and enhanced television or viewing experience. Video-On-Demand (VOD) or Near Video-On-Demand (NVOD) collectively referred to herein as VOD programs are examples of the interactive television programs typically provided by a service provider to its subscribers. VOD programs are video sessions that subscribers can order whenever they want or per NVOD schedules. FIG. 1 shows a video delivery system 100 that is commonly used for delivering VOD programs over a network. The video delivery system 100 includes a video server 102 that is sometimes referred to as a head-end. Through a data network 104, the video server 102 can provide continuous, scheduled and video-on-demand (VOD) services to respective client machines 106-1, 106-2, . . . 106-n (i.e., its subscribers). The server 102 is further coupled to a media storage device 112 that may be configured to store various media files (e.g., movies or news footage). The media storage device 112 must be online, store and supply titles scheduled or demanded for delivery to any of the client machines 106-1, 106-2, . . . 106-n. 
To ensure quality of service (QoS), the bandwidth requirement of the network path (e.g., 108-1, 108-2, . . . 108-n) to each of the client machines 106-1, 106-2, . . . 106-n has to be sufficient. However, as the number of the subscribers continues to increase, the demand on the bandwidth of the backbone network path 110 increases linearly, and the overall cost of the system 100 increases considerably at the same time. If the server has a fixed bandwidth limit and system support capability, an increase in the number of subscribers beyond a certain threshold will result in slower transfer of data to clients. In other words, the transmission of the video data over the network 104 to the subscribers via the client machines 106-1, 106-2, . . . 106-n is no longer guaranteed. When the video data is not received in a client machine on time, the display of the video data may fail or at least become jittery.
To alleviate such loading problem to the video server 102, a video delivery system often employs multiple video servers as rendering farms, perhaps in multiple locations. Each of the video servers, similar to the video server 102, is configured to support a limited number of subscribers. Whenever the number of subscribers goes beyond the capacity of a video server or the bandwidth thereof, an additional video server needs to be deployed or additional bandwidth needs to be allocated. Subsequently, overall costs go up considerably when more subscribers sign up with the video delivery system 100.
Although more servers may be added to accommodate more subscribers, the implementation of the video server 102 present many challenges to consider in access control. Among the challenges, one of them is that only a single subscriber or household is permitted to view a particular VOD program that was ordered, yet the transmission of its video data over an open network may reach hundreds or thousands of homes. Another challenge is that a service provider has no knowledge exactly how many times a particular VOD program has been accessed once the particular VOD program is released to a subscriber. Still another challenge requires that a service provider has sufficient equipment to deal with encryption and decryption processes, often in real time, and generally the equipment is expensive.
There have been various efforts towards improving access control by addressing some of the above-mentioned challenges. One conventional approach uses a conditional access (CA) system that uses session-based security schemes to assure that only specific subscribers who have purchased viewing rights to a VOD transmission can view the content and that other subscribers within the transmission area are unable to view the content.
FIG. 1B is a block diagram representing the video server 102 of FIG. 1A. The video server or conventional media delivery center 130 represents one example of the sophisticated and costly equipment conventionally required to provide decryption and encryption processing for secure access. The media delivery center 130 may receive a Digital Video Broadcast (DVB) that is transmitted to the media delivery center 130 by a source provider. A DVB is directed to a decryption unit 132. The decryption unit 132 operates to convert the DVB which is encrypted into a decrypted DVB. The decrypted DVB is then directed to an IP gateway 134 that operates to convert the decrypted DVB into separate content streams representing individual programs. The individual programs are formatted in an IP format when output from the IP gateway 134. The separate content streams may be immediately delivered or be stored to a media storage device 136 until an appropriate time for their broadcasting to various subscribers over a data network.
Various content streams include IP packets that are directed to appropriate channels for delivery over the data network. The IP packets include IP data representing the content of the programs. Prior to transmission over the data network, the IP packets are encrypted by an appropriate encryption unit 138. The media delivery center 130 may include a plurality of encryption units 138, with each encryption unit 138 being associated with a separate channel supported by the media delivery center 130. Hence, as noted above, the decryption and subsequent encryption performed, often real time, at the media delivery center 130 require sophisticated and costly hardware which is out of reach for many smaller scale service providers.
One idea behind the conditional access system as depicted in FIG. 1B is that only an authorized set-top box associated with a subscriber can decrypt a video stream from the media delivery center 130 for playback. A typical way to enforce such a mechanism is to have a tamper-proof smart card on every set-top box. Each smart card has a unique secret key embedded in it. A media service delivery center (e.g., head-end) broadcasts special messages (called EMMs—entitlement management messages) that can only be decrypted or understood by a particular smart card. Such EMMs are used to provide a particular smart card with the “master key” to decrypt specific programs (e.g., VOD titles or PPV movies). The master key may be updated periodically with updated EMMs. Once the smart card has the “master key” for a program, it can help decrypt the video stream for an ordered program.
Exactly how and when the “master key” is fed to the smart card can vary quite a lot. For example, for a pay-per-view service, a user may make a phone call to order a PPV event/movie, at which time or shortly after, an EMM message with the master key is fed to the smart card associated with the user through the broadcast mechanism. In another example, such as impulse pay-per-view, a smart card is already given the “master keys” to the content even before the user orders it. The user may order the event on the box, at which time the smart card logs the “purchase” in its secure memory and lets the use watch the content.
In addition to the increasing costs in deploying more servers to accommodate more subscribers, the conditional access system as described above is subject to many issues. Among the issues, one of them is that the conditional access system could not prevent “cloning attacks” by which multiple set-top boxes use the same cloned smart card to receive the media services. Another issue is the repeated access to an order program that is already in a set-top box.
Thus, there is a need for improved techniques for cost effective ways for service providers to securely deliver programs to subscribers over an open network.