One way of distributing information is to broadcast it, that is, to place the information on a medium from which it can be received by any device that is connected to the medium. Television and radio are well-known broadcast media. If one wishes to make money by distributing information on a broadcast medium, there are a couple of alternatives. A first is to find sponsors to pay for broadcasting the information. A second is to permit access to the broadcast information only to those who have paid for it. This is generally done by broadcasting the information in scrambled or encrypted form. Although any device that is connected to the medium can receive the scrambled or encrypted information, only the devices of those users who have paid to have access to the information are able to unscramble or decrypt the information.
A service distribution organization, for example a communications system or a satellite television company, provides its subscribers with information from a number of program sources. For example, the History Channel is a program source that provides television programs about history. Each program provided by the History Channel is an “instance” of that program source. When the service distribution organization broadcasts an instance of the program source, it encrypts or scrambles the instance to form an encrypted instance. An encrypted instance contains instance data, which is the encrypted information making up the program.
An encrypted instance is broadcast over a transmission medium. The transmission medium may be wireless or it may be “wired”, that is, provided via a wire, a coaxial cable, or a fiber optic cable. It is received in a large number of set-top boxes. The function of the set-top box is to determine whether an encrypted instance should be decrypted and, if so, to decrypt it to produce a decrypted instance comprising the information making up the program. This information is the delivered to a television set.
Subscribers generally purchase services by the month (though a service may be a one-time event), and after a subscriber has purchased a service, the service distribution organization sends the set-top box belonging to the subscriber messages required to provide the authorization information for the purchased services. Authorization information may be sent with the instance data or may be sent via a separate channel, for example, via an out-of-band RF link, to a set-top box. Various techniques have been employed to encrypt the authorization information. Authorization information may include a key for a service of the service distribution organization and an indication of what programs in the service the subscriber is entitled to watch. If the authorization information indicates that the subscriber is entitled to watch the program of an encrypted instance, the set-top box decrypts the encrypted instance. It will be appreciated that “encryption” and “scrambling” are similar processes and that “decryption” and “descrambling” are similar processes; a difference is that scrambling and descrambling are generally analog in nature, while encryption and description processes are usually digital.
The access restrictions are required in both analog and digital systems. In all systems, the continued technological improvements being used to overcome the access restrictions require more secure and flexible access restrictions. As more systems switch from an analog format to a digital format, or a hybrid system containing both analog and digital formats, flexible access restrictions will be required.
Restricting access to broadcast information is just as important for digital information, such as inserted advertising or enhanced applications and/or programs. For example, one approach is to insert advertising material as an overlay of a movie channel or a subscription channel. Without appropriate safeguards, some services may do this without the permission of the network operator or the owner of the instance. This use of both network bandwidth and instance content is undesirable from the viewpoint of the operators and the content owners. Thus, what is needed is a way to provide secure control of such “enhanced services.”