Cable television (TV) providers distribute video streams to subscribers by way of conditional access (CA) systems. CA systems distribute video streams from a headend of the cable TV provider to a set-top box (STB) associated with a subscriber. The headend includes hardware that receives the video streams and distributes them to the STB's within the CA system. Select STB's are allowed to decode certain video streams according to entitlement information sent by the cable TV provider to the STB. In a similar way, other video program providers use satellite dishes to wirelessly distribute video content to STB's.
Video programs are broadcast to all STB's, but only a subset of those boxes is given access to specific video programs. For example, only those that have ordered a pay-per-view boxing match are allowed to view it, even though every STB may receive the encrypted data stream for the match. Once a user orders the pay-per-view program, an entitlement message is broadcast in encrypted form to all STB's. Only the particular STB for which the entitlement message is intended can decrypt it. Inside the decrypted entitlement message is a key that will decrypt the pay-per-view program. With that key, the STB decrypts the pay-per-view program as it is received in real time. Some systems sign entitlement messages.
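
The entitlement flow described above can be sketched as follows. This is an added example, not code from the original document; the STB names, the per-STB keys shared with the headend, and the toy HMAC-based cipher (a stand-in for whatever cipher a real CA system uses) are all assumptions.

```python
import hashlib
import hmac
import secrets

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    """Toy stream cipher (HMAC-SHA256 in counter mode); stand-in for a real cipher."""
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big"))
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def open_sealed(key, blob):
    """Return the plaintext, or None if blob was not sealed under key."""
    if len(blob) < 48:  # too short to hold a nonce and a tag
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        return None
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

def broadcast_demo():
    # Constructed sample data: three STBs, each holding a unique key that the
    # headend also knows (hypothetical provisioning, not from the document).
    stb_keys = {name: secrets.token_bytes(32) for name in ("stb-A", "stb-B", "stb-C")}
    program_key = secrets.token_bytes(32)

    # Headend: the program is encrypted once and sent to every STB.
    program = seal(program_key, b"pay-per-view frame data")
    # Headend: stb-B ordered the program, so the program key is wrapped under
    # stb-B's key. The entitlement message is still broadcast to every STB.
    entitlement = seal(stb_keys["stb-B"], program_key)

    # Every STB receives both broadcasts; only the addressed one recovers the key.
    results = {}
    for name, key in stb_keys.items():
        recovered = open_sealed(key, entitlement)
        results[name] = open_sealed(recovered, program) if recovered else None
    return results

if __name__ == "__main__":
    for stb, video in broadcast_demo().items():
        print(stb, "->", video if video is not None else "not entitled")
```

The authentication tag is what lets an STB tell that an entitlement message was not sealed for it, rather than deriving a garbage program key from it.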
Only recently has storage of multiple hours of video become practical. Each video program is transmitted to STB's as a compressed MPEG2 data stream. One hour of video corresponds to about one gigabyte of compressed data. Since multi-gigabyte storage is common today, multiple hours of video can now be stored. In contrast, conventional CA systems presume content is ephemeral and cannot be stored. In other words, conventional systems are designed on the presumption that video programs are too large to retain for any period of time. As those skilled in the art can appreciate, the ability to store multi-gigabyte video programs spawns a need for additional security measures in CA systems.
Some systems integrate personal computing with a TV to display content. Products such as WebTV™ integrate web browsing and E-mail features with a TV. In other systems, a personal computer (PC) is connected to an Internet service provider (ISP) that provides the content for the web browsing and E-mail features. Software programs, such as the E-mail program, tend to be small and easily stored. Those skilled in the art recognize that these PC's do not provide adequate security and are thus susceptible to viruses and hackers.
As described above, conventional CA systems only check entitlement of video streams. With the advent of larger storage and smaller Internet related programs, content can be stored and reside with the user for an indefinite period of time. To maintain control over this content, additional security measures are needed.
Therefore, security techniques have been developed that assure the security of objects and resources. Security checks can be made at various times during the handling of the object or resource.