Conditional access (“CA”) generally refers to a system which permits data to be propagated pervasively through a network, and where destination systems, on the network, are selectively given access to all, or portions of, the propagated data. For example, a conditional access system (“CAS”) is conventionally used in the distribution of digital cable television signals. In a digital cable television distribution system, a signal, containing the data, is received at a broadcast center, encoded and broadcasted to a large number of destination systems. The destination systems often include set-top boxes located near a cable television subscriber's television/display, or more remote from the end-user in the broadcast path. Preferably, the signal is secured so that it is not readily usable by an unauthorized end-user, but is usable by only authorized end-users. An unauthorized end-user might be someone who has added hardware to an existing cable system to obtain service where no service is ordered or might simply be a valid subscriber that is not subscribing to a particular portion of the content distributed over the digital cable system.
One conventional approach to distributing signals over a digital cable system is to receive as inputs a set of one or more programs or streams representing video channels. Such streams might be encoded using MPEG encoding and a single television program might comprise more than one “elementary stream,” where an elementary stream is the coded representation of a single video, audio or other data stream that shares a common time base of the program of which it is a member.
One conventional approach to securing signals over the cable television system is to encrypt the elementary streams such that they can only be easily decrypted by an authorized decoder at a end-user receiving end. This can be done, for example, by encrypting the broadcast streams using a symmetric key and providing the symmetric key to each of the authorized end-user decoders, such as over an out-of-band channel or using one of the many key distribution schemes known in the art.
Such a system works well when all of the decoders utilize the conditional access system, such as where the cable distribution system is used by a single provider to provide signals to its customers and all of the decoders are in the hands in the provider's customers. The problem is more difficult when multiple conditional access systems are sharing the same network. In a simple approach to sharing a network among multiple conditional access systems, each broadcaster could independently encode its content streams and deliver them to the various end-users in, for example, a multiplexed fashion. This approach is acceptable where the different broadcasters are broadcasting unrelated content, but where the source signal, such as television signals to be broadcasted, are the same over the various conditional access systems, it is clear that considerable network bandwidth would be required, since bandwidth requirements for any given set of programs would be approximately the bandwidth required for distributing the programs times the number of conditional access systems sharing the cable network.
One traditional way of distributing content over a network shared among more than one conditional access system is the system described above, often referred to as “multicrypt” where all the source data is sent multiple times, with each iteration encrypted for one of the conditional access systems. An approach to this problem that reduces bandwidth use is the “simulcrypt” approach, wherein the streams to be protected are encrypted one time, and the decryption keys needed to decrypt the one set of streams is shared among the conditional access systems. While this saves bandwidth, it introduces additional complications, such as the need to facilitate key sharing and to solve the resultant key protection problems as well.
What is needed is a system and method to provide end-users with an intermediate option for providing desired program content utilizing multiple condition access systems.