Cable television systems are widely deployed for the distribution of television signals, and typically provide greater selection and quality of channel reception than can be received using traditional over-the-air broadcast antennas at the point-of-reception. The deployment of new cable technology, such as digital cable, provides more robust transmission and increased channel capacity, and allows services to be offered such as selective subscription to premium channels and pay-per-view events. The offering of such services typically requires a set top box to decode and decrypt the digital signals, which are typically encoded using the MPEG-2 digital encoding standard. The cable operator typically provides the set top box to the cable subscriber for a monthly leasing fee.
The basic architecture for a cable system is illustrated in FIG. 1, which depicts the prior art and involves a cable headend 5 emanating multiplexed signals over a cable distribution network 6. The cable distribution network has evolved over time and was originally primarily a bifurcated tree architecture using coaxial cable (not shown). The cable distribution network has become more sophisticated in recent years, both in its architecture and technology, typically incorporating optical fiber transmission and multiplexing equipment based on an architecture involving interconnected ‘rings’ (not shown). Regardless of the architecture, the network can be logically depicted as providing connectivity between the cable headend where the signals originate and the cable set top box 7 where the signals are received.
The cable headend 5 contains various equipment, including receivers, transmitters, optical terminations, multiplexing equipment, and transmission devices. It also contains functions for encrypting signals, which will be discussed further. The cable headend is typically tightly ‘coupled’ with the provisioning/conditional access system 1b as represented by the dotted line 2. The provisioning/conditional access system functions closely with the cable headend in regard to enabling a particular subscriber to decode authorized channels. Thus, channel authorization for a subscriber requires coordination between the provisioning/conditional access system and the cable headend, specifically the integrated receiver transcoders (IRT) contained in the headend (not shown). The IRT is a component of the conditional access scheme and is used to control dissemination of entitlement control messages (ECMs), each of which is a message conveying a key that authorizes access to a program. In some contexts, industry usage of the term “headend” encompasses both elements, the provisioning/conditional access system 1b and the cable headend 5, but some distinction of functionality is maintained herein.
The cable set top box (“set top box” or “STB”) provides additional flexibility for the cable system operator to provide basic and premium services. For analog services, the STB may authorize access to, and descramble, the video signals. For basic and premium digital services, the STB decodes and decrypts the digital MPEG program signals that include encoded video and audio signals. The STB also provides a mechanism for the cable operator to selectively authorize reception of an individual channel (e.g., premium service) or a group of channels (e.g., basic service). The STB is used by the cable operator to selectively authorize other services, such as enabling the purchase of pay-per-view events or enabling an input/output port to connect to an external device. The STB typically incorporates specialized hardware and software employed for decrypting digital program data. The special hardware and software is typically embedded into the STB, but may be implemented on a removable circuit card. Once the program data is decrypted and decoded, it is then converted to a standard television signal that is typically transmitted over a coaxial cable 9 to a traditional analog television set 10 for viewing. With the advent of digital televisions, the decrypted data may be digitally transmitted, either in the clear or further encrypted, to the digital television or display monitor. The decryption techniques are typically based on sending periodic ECMs from the cable headend (specifically from the IRT) to the STB for decrypting digital program data. The keys are typically sent using another encryption key. As programs are broadcast on channels over the cable distribution network 6, the STB can theoretically tune to any channel. However, by sending the entitlement management messages (EMMs) to a particular STB, the STB is able to decrypt the data only as authorized. Typically, a particular key authorizes viewing of only one channel.
Other messages, containing channel maps, indicate how to locate a particular channel in the multiplexed data. Thus, without having the channel map or decryption key, a STB cannot effectively provide a program to the viewer's television. This is one embodiment of a common security scheme (a.k.a. “conditional access scheme”) that is designed to thwart theft of cable services (either basic or premium services) by the use of illegal set top boxes to receive services.
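The key-delivery arrangement outlined above can be made concrete with a short sketch. This is an added example, not code from the original document or from any vendor's conditional access system. It assumes a three-level hierarchy (a per-STB unit key protects the service key carried in an addressed EMM, and the service key protects the program key carried in a broadcast ECM), uses a toy HMAC-based cipher as a stand-in for the proprietary scheme, and all class, function and tier names are hypothetical.

```python
import hashlib, hmac, os

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode; sufficient for short demo messages (n < 8 KiB).
    return b"".join(_mac(key, b"ks", nonce + bytes([i])) for i in range(n // 32 + 1))

def seal(key, plaintext):
    """Toy authenticated encryption (assumed stand-in for the vendor's CA cipher)."""
    nonce = os.urandom(12)
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + _mac(key, b"tag", nonce + ct)

def unseal(key, blob):
    """Return the plaintext, or None when the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"tag", nonce + ct)):
        return None
    return bytes(c ^ s for c, s in zip(ct, _stream(key, nonce, len(ct))))

class Headend:
    def __init__(self):
        self.unit_keys, self.service_keys = {}, {}  # by STB address / by service tier
    def install_stb(self, address):
        # The unit key is shared only with that STB's conditional access module.
        self.unit_keys[address] = os.urandom(32)
        return self.unit_keys[address]
    def emm(self, address, tier):
        # Addressed to one STB: the tier's service key sealed under that STB's unit key.
        sk = self.service_keys.setdefault(tier, os.urandom(32))
        return {"address": address, "tier": tier, "body": seal(self.unit_keys[address], sk)}
    def broadcast(self, tier, program):
        # Sent to every STB: an ECM carrying the program key, plus the encrypted program.
        cw = os.urandom(32)
        return {"tier": tier, "body": seal(self.service_keys[tier], cw)}, seal(cw, program)

class ConditionalAccessModule:
    def __init__(self, address, unit_key):
        self.address, self.unit_key, self.tiers = address, unit_key, {}
    def on_emm(self, emm):
        if emm["address"] != self.address:
            return False
        sk = unseal(self.unit_key, emm["body"])
        if sk is not None:
            self.tiers[emm["tier"]] = sk
        return sk is not None
    def decrypt(self, ecm, payload):
        sk = self.tiers.get(ecm["tier"])
        cw = unseal(sk, ecm["body"]) if sk else None
        return unseal(cw, payload) if cw else None

def demo():
    headend = Headend()
    a = ConditionalAccessModule("stb-A", headend.install_stb("stb-A"))
    b = ConditionalAccessModule("stb-B", headend.install_stb("stb-B"))
    emm = headend.emm("stb-A", "premium-1")          # constructed tier name
    accepted = (a.on_emm(emm), b.on_emm(emm))
    forced = unseal(b.unit_key, emm["body"])         # B skipping the address check still fails
    ecm, payload = headend.broadcast("premium-1", b"constructed MPEG payload")
    return accepted, forced, a.decrypt(ecm, payload), b.decrypt(ecm, payload)
```

Both STBs receive the same ECM and the same encrypted program; only the one holding the service key from its addressed EMM recovers the data.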
A cable subscriber may indicate their request to add service, such as a premium channel, by telephoning a customer service representative (“agent”) 522 and verbally indicating their subscription request. The agent is in a call center and operates a computer 523 for provisioning the service. After obtaining the necessary information from the user, the agent 522 indicates the desired services using the computer 523, which is operatively connected to a billing system 1a and provisioning/conditional access system 1b. The billing system contains a database of ‘house records’, so called, as the records are associated with a house or residential serving location. Each record includes the address, and information as to what services can be provided to that location. Typically, the cable network may have different service capabilities in different portions of the cable network, and thus not every serving location is able to receive the same services. For example, the cable network may serve several subdivisions of homes with a portion of the cable network that has been upgraded that provides a greater number of channels and services than another subdivision that is served with another portion of the cable network that has not been upgraded. If the house record indicates the location is currently receiving service, then the subscriber's name and service related information is provided. The records further indicate ‘outlet’ information that includes information as to how many and which type of set top boxes are present. Thus, any form of subscriber information or service related information is typically maintained by the billing system. This includes a subscriber's current service selections, past selections, payment related information, etc.
Further, the billing system maintains information regarding various groupings of service offering (“service packages”) that are mapped to “billing codes.” The groupings of services associated with a service package are defined by various business rules by the cable operator. The business rules not only define which channels are associated with a service package, but information such as equipment requirements (e.g., required STB type or model number), billing aspects, and ancillary service aspects (e.g., use of a remote control, enabling a switched power outlet on the STB, enabling pay-per-view capabilities, etc.).
Each cable service package is mapped to a billing code (a.k.a. ‘billing handle’) and then further mapped by the provisioning/conditional access system to one or more service tiers. A service tier is typically associated with authorizing a STB to decode a particular channel. Thus, ‘basic digital cable’ may have a single billing code that corresponds to a plurality of service tiers, where each service tier results in sending the STB the appropriate EMMs authorizing the STB to decrypt the channels comprising basic digital cable. The provisioning/conditional access system receives the billing code along with the host address. The provisioning/conditional access system maps the billing code to one or more service tiers and communicates the appropriate EMMs to the STB, which in turn, enables the STB to decrypt the program. Thus, the provisioning/conditional access system has limited knowledge of service related information and typically does not have any subscriber level information.
Provisioning a service frequently involves adding a channel to an existing subscriber's services and uses a similar scheme as described above. Adding a premium channel can be accomplished by instructing the billing system 1a to add a billing code to the subscriber's service profile, which updates the billing associated with the subscriber. The billing system communicates the billing code and STB address to the provisioning/conditional access system 1b. The provisioning/conditional access system then communicates the service tier by sending the appropriate decryption keys via an EMM to the STB.
In some cases, provisioning a service may result in authorizing a subscriber's STB to decode and decrypt multiple channels. A billing code corresponding to ‘basic cable service’ may comprise, for example, 40 channels. The billing system contains business rules that define the channels associated with the basic service package with the billing code, which in turn is mapped to 40 service tiers by the provisioning/conditional access system.
However, provisioning a service may also involve authorizing or configuring other capabilities as part of the overall service that are not associated with a STB decoding and decrypting a program. For example, cable system operators typically provide the STB access to program guide information. This can be accomplished by using the same scheme of communicating a service tier to the STB using the above mentioned process or sending a specific command message processed by the STB. In the case of the use of a service tier, the service tier is associated with an application in the STB that enables access to programming guide information. In this example, there are no ECM messages sent, as there is no programming data to decrypt. In another example, the cable system operator may enable the use of a remote controller with the STB. The STB can be configured to recognize a controller by sending the STB a service tier or a specific command message. Thus, in some instances, when a billing code is conveyed for a service (e.g., ‘basic cable service’), the provisioning/conditional access system may map this billing code to several service tiers. For example, the ‘basic cable service’ billing code not only typically authorizes various channels, but also may configure the STB for using a remote controller and configure the STB for receiving program guide information. In other circumstances, a billing code may be mapped to only a single service tier (e.g., adding a premium channel).
In addition, the billing system 1a can instruct the provisioning/conditional access system to perform other actions involving the STB. The billing system can send commands or billing codes to the provisioning/conditional access system to effect various functions. Some common commands include installing a particular STB, resetting a particular STB, downloading software, or polling a particular STB. Installation of a STB involves the provisioning/conditional access system storing information about a newly deployed (or soon to be deployed) STB. Typically, the STB is identified by an address, such as a MAC level address used in conjunction with the serial number of the conditional access module. Resetting a target STB instructs the provisioning/conditional access system to re-initialize parameters in a particular STB and potentially re-send decryption keys to the STB to authorize decoding of the appropriate channels. Downloading software to a host can be accomplished by sending a service code to the host, where the service tier indicates the host should monitor a channel for updated software, and download it if the software is a newer version than contained in the host. Finally, polling a STB is used to periodically collect information from the target STB, such as pay-per-view viewing data maintained in the memory of the conditional access module.
However, each of these commands or service tiers must be recognized by the conditional access module and either acted upon by the conditional access module or passed by the conditional access module to the host.
In summary, provisioning existing cable services (‘legacy’ services) typically involves an agent interacting with the billing system to create or modify a subscriber's record to add or delete a billing code associated with an existing subscriber's service profile. The billing system maintains subscriber and service related information and sends a series of billing codes as appropriate along with the subscriber's host address to the provisioning/conditional access system. The provisioning/conditional access system is aware of whether a billing code is associated with authorizing a STB to receive a channel. The provisioning/conditional access system sends the service tier contained in an EMM to the STB via the cable headend. In this manner, the subscriber is provisioned for a service. Other service related provisioning aspects may also require sending commands to the STB, which may be proprietary in nature. Thus, provisioning a cable subscriber in a legacy system typically involves sending a combination of proprietary messages to authorize, configure, and command the host.
In the previous example, the cable distribution network 6 provides a method for communicating messages to the STB, but not necessarily in the reverse direction. If there is no reverse channel communication, then this type of cable distribution network is called a one-way network. Users desiring to communicate with the network (e.g., requesting a service to be added) typically initiate communication with the network via a telephone call to a network agent. Alternatively, the STB may automatically initiate a call and interact with an automated system. The agent then performs the appropriate provisioning actions. In other networks, a reverse communication path is provided for communicating information from the STB to the headend. Such two-way cable networks allow data to be conveyed from the STB to the cable headend, such as acknowledging receipt of data. Since the STB can signal to the cable headend using the cable distribution plant 6, two-way networks also allow greater flexibility in service offering. For example, early deployments of pay-per-view services on one-way networks relied on the telephone network for reporting subscriber usage data to the cable network in order to calculate the subscriber's billing charges. With deployment of two-way networks, pay-per-view subscribers with a configured STB can use the reverse path on the cable system to report monthly viewing data.
A STB that can signal in the reverse path on a two-way cable network is different than a STB designed for one-way communication. FIG. 2 illustrates one embodiment of the functional components in a prior art one-way STB 7. A tuner 20 receives the signal from the cable distribution network 3 and then a demodulator 22 provides the multiplexed digital video information. The signal is also processed by receiver 23 isolating out-of-band information, such as control messages or decryption keys. Both the out-of-band messages and the video information are sent to a Point of Deployment (“POD”) module 27 that may be implemented on a removable circuit board for processing incoming data. The POD module also performs decryption of the data. Alternatively, the POD functionality is implemented on circuitry embedded with other functionality in the STB. This is sometimes referred to as ‘embedded security.’ After decryption, the video information is demultiplexed by the demultiplexor 25, decoded, and then provided as an output signal to a television. This could be in a PAL format (common in Europe), NTSC format (common in the U.S.), or in a digital format (suitable for newer digital televisions or display monitors), either encrypted or not.
The POD 27 functionality interworks with the Host 8, and the two sets of functions together embody a typical STB 7. The POD-to-Host interface 21 is defined by an industry standard published by the Society of Cable Telecommunications Engineers in a document referenced as SCTE 28 2003 (formerly referenced as “DVS 295”). A standard POD-to-Host interface facilitates different host manufacturers developing host units. Heretofore, the STB has been referred to broadly, but it is necessary to reference the host functionality distinct from the POD functionality.
The POD module contains security (encryption) related algorithms and decryption keys. Its distribution is carefully controlled by the manufacturer and cable system operator. These security techniques are called ‘conditional access’ schemes and are designed to deter theft of cable services as well as use of unauthorized STB units. Thus, the POD functionality is generically referred to as a ‘conditional access module’ herein. Other common industry terms for the POD include “CableCARD™” or “removable security module.” The host is typically considered the remaining functionality in the STB including the CPU, but excluding the conditional access module. Other possible implementations integrate the host functionality into a consumer electronics device (e.g., digital television) and use a removable conditional access module. A removable conditional access module is typically inserted into a slot on the consumer electronics device or STB.
FIG. 3 illustrates the prior art of a STB capable of two-way communication and is largely distinguishable from the one-way STB in that the two-way STB incorporates a transmitter 28 for sending information back to the headend. In both FIGS. 2 and 3, the STB comprises a host 7 and a conditional access module 27. In both figures, the messages may be filtered by the conditional access module. The conditional access module determines whether the message is passed to the host CPU 26 or processed by the conditional access module. This is true regardless of whether the messages are sent inband (involving the tuner 20 or the demodulator 22) or whether the messages are sent out-of-band (involving receiver 23). Consequently, in the current existing architecture, the provisioning of new or enhanced services may require passing new messages in the existing architecture between the cable headend and the host. This typically requires reprogramming or replacing conditional access modules in the deployed STB, or replacing the STB. Further, this requires coordination and cooperation of the conditional access module manufacturer, host manufacturer, as well as the headend equipment provider, to recognize and process the new messages. In all cases, the authorization and command messages emanate from the cable headend and are directed to a specific conditional access module, which then processes or forwards the message over the POD-host interface. Because of the compatibility required between the cable headend and the STB, cable operators typically carefully control the connection and use of STBs to the network. Typically, different conditional access schemes are not compatible with each other. For example, two main vendors of cable network equipment include Motorola® and Scientific-Atlanta®. The conditional access schemes and messaging for each vendor are typically not compatible with each other. 
Thus, a STB with an embedded conditional access module functioning on one network will not operate on the other network. To minimize interoperability problems and maintain customer satisfaction, the cable operator typically provides the STB to the cable subscriber, often on a leased basis. Hence, the cable subscriber typically is limited in their choice of STB brands and models. For a variety of reasons, many host manufacturers do not introduce innovative service capabilities in the host application software because the new capabilities would potentially have to be supported by the cable headend, conditional access module and billing and provisioning/conditional access system. If the vendor of the conditional access module does not recognize or pass information to a host CPU, or does not pass it in a defined manner, then that host capability cannot be configured by the cable network. Further, the coordination of development and deployment of new capabilities in these various legacy systems is difficult and competing business interests limit any coordination and cooperation. As is evident, the development of a new host application executed by the CPU in the current architecture requires coordination of the development and deployment of a defined capability in the host with the conditional access module. Since current cable networks maintain only a limited ability to discriminate between different host capabilities and cannot accommodate different conditional access implementations, any deviation in the host's legacy based signaling capabilities results in host incompatibility. It is neither economically feasible, nor practical, for a cable system operator to replace a conditional access module every time an upgrade is required due to a new messaging capability.