1. Field of the Invention
The present invention relates to conditional access cable television systems. In particular, the invention relates to a system by which a local cable headend operator may control access by his subscribers to a global or national transport data stream.
2. Description of Related Art
FIG. 1A depicts conventional encryptor 2. Unencrypted payload data UPD is processed using encryption key EK into encrypted payload data at output OUT of encryptor 2. FIG. 1B depicts conventional decryptor 4. Encrypted payload data EPD is processed using decryption key DK in decryptor 4 to produce decrypted payload data at output OUT of decryptor 4.
FIG. 2A depicts conventional encoder 10. FIG. 2B depicts conventional decoder 40. In FIG. 2A service provider 12 provides digital services, for example, MPEG encoded motion pictures, digital sound recordings, software, games, etc., for transport to decoder 40. The service is encrypted under a seed from pseudo-random number seed generator 14. Encryptor 22 processes the service data using the seed as the encryption key to produce encrypted service E.sub.SEED (SERVICE). The encrypted service is combined in multiplexer 20 and placed into transport data stream TDS. In order for decoder 40 to recover the service data from the encrypted service data, decoder 40 must be provided with the seed.
The seed is distributed in the transport data stream TDS in a broadcast mode (i.e., all decoders receive the seed at the same time). The seed must be encrypted to avoid exploitation by possible data pirates. The seed is encrypted in encryptor 24 using multi-session key MSK to provide encrypted seed E.sub.MSK (SEED). Multi-session key MSK comes from the service distributor 16. Encrypted seed E.sub.MSK (SEED) is placed in transport data stream TDS in a broadcast mode by multiplexer 20. Preferably, the seed is modified frequently, for example, ten times per second. Therefore, encrypted seed E.sub.MSK (SEED) is broadcast to all decoders 40 at, for example, ten times per second. In order to recover the seed, decoder 40 must gain access to multi-session key MSK.
Multi-session key MSK is distributed via transport data stream TDS to authorized decoders 40 (i.e., decoders of subscribers whose monthly bill has been paid). Preferably multi-session key MSK is changed once a month. In order to distribute multi-session key MSK over transport data stream TDS, the multi-session key is encrypted in encryptor 26 using secret serial number SSN as the encryption key to provide encrypted multi-session key E.sub.SSN (MSK). Since the encrypted multi-session key need only be provided to the decoders one time each month, it is possible to address the encrypted multi-session key to each decoder individually, in contrast to broadcasting the encrypted seed to all decoders simultaneously. In practice, the MSK is addressed and sent, in advance of it being needed, to each decoder many times during each month in order to ensure that, among other reasons, it is decrypted and available when needed. Multiplexer 20 places encrypted multi-session key E.sub.SSN (MSK) in transport data stream IDS only when the subscriber has paid his monthly bill. Each decoder 40 has stored within it a unique secret serial number SSN and a corresponding public serial number (used as an address). In FIG. 2A, secret serial number SSN and public serial number PSN for a particular decoder are retrieved from memory 18. Secret serial number SSN is provided to encrypter 26, and public serial number PSN is provided to multiplexer 20. When the bill has been timely paid, multiplexer 20 prepares encrypted multi-session key for transport to the decoder whose address is public serial number PSN.
In FIG. 2B, the corresponding secret serial number SSN and associated public serial number PSN is stored in memory 32 of decoder 40. Public serial number PSN is provided to demultiplexer 30 so that demultiplexer 30 can select an encrypted multisession key addressed to the decoder 40 under public serial number PSN which corresponds to the secret serial number from transport data stream TDS. Encrypted multi-session key E.sub.SSN (MSK) is decrypted in decryptor 34 using secret serial number SSN from memory 32 to provide multi-session key MSK. Demultiplexer 30 also selects from transport data stream TDS encrypted seed E.sub.MSK (SEED). The encrypted seed is processed in decryptor 36 using multi-session key MSK as the decryption key to provide the unencrypted seed. The unencrypted seed preferably changes at a high rate, for example, ten times per second. Demultiplexer 30 also selects from transport data stream TDS encrypted service E.sub.SEED (SERVICE). The encrypted service is processed in decryptor 38 using the seed as the decryption key to recover the unencrypted service.
Other means are known for the delivery of multi-session key MSK. For example, in U.S. Pat. No. 5,029,207 to Gammie, incorporated herein by reference, multi-session key MSK is twice encrypted at the encoder and twice decrypted in the decoder, first in a replaceable security module and then in a fixed security element of the decoder.
Furthermore, in order to defeat data pirates, memory 32. and decryptors 34 and 36 (FIG. 2B) and memory storage for multi-session key MSK (not shown) are mechanized within a secure microprocessor that denies pirates access to keys SSN and MSK. Although a pirate would still have access to the seed at the output terminals of the secure microprocessor, the useful life of the seed is short since it is changed often, for example, ten times per second.
FIG. 3 depicts conventional system 50 having national control center 52 that contains encoder 10. Transport data stream TDS from encoder 10 is transmitted by an uplink transmitter of national control center 52 to satellite repeater 54. Satellite repeater 54 transmits this signal so that cable head-end 56 receives the signal. Cable head end 56 re-transmits this signal to decoders 40.
In the national transport data stream (NTDS), entitlement management message EMM, which is uniquely addressable to an individual decoder, contains the MSK encrypted with the particular decoder's SSN as well as service authorization information for the particular decoder. In system 50 having national control center 52 that produces national transport data stream NTDS, national control center 52 provides both the encrypted MSK (i.e., E.sub.SSN (MSK)) and the decoder service authorization information. The national center generates the appropriate entitlement management messages and addresses them to the individual encoders. The cable head-end operator simply acts as a conduit for this national transport data stream.
Some cable head-end operators, however, wish to have local control over the service authorization information. They want to have local control of a decoder's conditional access to programs and to particular programs. However, the local cable head-end operators do not feel a need to do their own program encryption. They would like to maintain the program encryption already performed at the national control center.
In many cable systems in use today, a national control center performs all of the multiplexing of services, as well as the encryption of each service and the global encryption of the entire payload part of the transport data stream. In such a system, cable head-end operators essentially act as conduits for this national signal. The national center also handles all other conditional access duties including placing service authorization information in entitlement management messages addressed to each decoder.
Other systems in use today allow the cable head-end operator to have local control over both conditional access and encryption. Some operators want the local control ability, but the equipment needed is, of course, more expensive.
Cable operators will want to somehow differentiate or control access to different market segments. For example, suppose three cable companies were operating in a given area. If all of them supplied their subscribers with a national center's signal, someone subscribing to one company could easily lend his/her settop decoder to someone subscribing to another company. Thus, there is a need for a system which would allow the cable head-end operator to continue using the signal supplied by the national center, but yet be able to control access to different market areas or segments.