The present invention relates generally to conditional access systems of the type used to control cable subscriber set-top boxes and particularly concerns a countdown technique for increasing the security of such conditional access systems.
Conditional access systems for subscriber units such as cable subscriber set-top box decoders are well known in the art. Conditional access is conventionally achieved by downloading one or more authorization levels for storage in the decoder. The stored authorization levels may be represented by a bit map or a list of individual multi-bit codes, or a combination of both. Each received subscription program, which is normally scrambled to prevent access thereto by an unauthorized subscriber, includes an authorization code (sometimes referred to as a program tag) identifying the associated program. If the program tag corresponds to an authorized level in the stored bit map or to a stored listed authorization level of the subscriber, a descrambling circuit within the subscriber's decoder is enabled to descramble the signal for viewing by the subscriber. On the other hand, if the received program tag does not match any stored authorization level, descrambling of the accompanying program is inhibited.
Depending on the desired resolution, recent advances in technology have made possible the transmission and reception of one or more digitally compressed television signals over a 6 MHz television channel. The television signal is preferably compressed and arranged for transport in accordance with international standards established by the Moving Picture Experts Group (MPEG). In accordance with the MPEG standard, the compressed digital television information may be arranged for transmission in the form of a multiplexed transport stream of fixed-length MPEG packets including, for example, video packets, audio packets and conditional access packets (all packets other than conditional access packets being referred to as product packets). Each packet in the transport stream includes a 4-byte header comprising a 13-bit packet identification code (PID) identifying the so-called payload (184 bytes) of the respective packet. A PID having a value equal to one (i.e., 00 . . . 1) has been reserved for use with conditional access packets.
In a general sense, conditional access for digitally compressed subscription systems of the foregoing type may be achieved using techniques quite similar to those employed in prior art analog subscription systems. However, since it is anticipated that the digital systems will make much more extensive use of services such as video-on-demand, it is desirable to provide increased confidence that the operation of the conditional access system is largely tamper-proof. For example, the security of the conditional access system may be compromised by interrupting the conditional access data stream to the decoder, the feasibility of such interruption being facilitated by the fact that the MPEG packet headers are not encrypted. Such interruption of the conditional access data could lead to a situation where, for example, it becomes impossible to retract a previously established authorization level. This presents the subscription system operator with the dilemma of either not being able to reuse authorization levels in a timely manner or assuming the risk that a non-paying subscriber may have access to the service associated with a reused authorization level. The problem is compounded in connection with services such as pay-per-view television, which require frequent recycling of authorization levels.
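The following is an added example, not part of the original text: it reads the 13-bit PID from the unencrypted 4-byte header described above and measures how long a stream has run without a conditional access packet, which is the condition a receiver must notice if authorization levels are to be retracted reliably. The sync byte 0x47 comes from the MPEG-2 transport stream standard; the video and audio PIDs, the `MAX_GAP` threshold and the sample streams are constructed assumptions.

```python
import struct

TS_PACKET_SIZE = 188   # 4-byte header + 184-byte payload, as in the text
SYNC_BYTE = 0x47       # MPEG-2 TS sync byte (from the standard, not the page)
CA_PID = 0x0001        # PID the text reserves for conditional access packets
VIDEO_PID, AUDIO_PID = 0x0100, 0x0101   # constructed product-packet PIDs
MAX_GAP = 8            # assumed limit on product packets between CA packets


def parse_pid(packet: bytes) -> int:
    """Return the 13-bit PID carried in the unencrypted 4-byte header."""
    if len(packet) != TS_PACKET_SIZE:
        raise ValueError("transport packet must be 188 bytes")
    sync, flags_pid, _ = struct.unpack(">BHB", packet[:4])
    if sync != SYNC_BYTE:
        raise ValueError("sync byte missing")
    return flags_pid & 0x1FFF   # drop the three flag bits above the PID


def longest_ca_gap(stream: bytes) -> int:
    """Longest run of product packets seen without a CA packet."""
    if len(stream) % TS_PACKET_SIZE:
        raise ValueError("stream is not a whole number of packets")
    longest = run = 0
    for off in range(0, len(stream), TS_PACKET_SIZE):
        if parse_pid(stream[off:off + TS_PACKET_SIZE]) == CA_PID:
            run = 0
        else:
            run += 1
            longest = max(longest, run)
    return longest


def ca_starved(stream: bytes, max_gap: int = MAX_GAP) -> bool:
    """True when CA packets have been absent for more than max_gap packets."""
    return longest_ca_gap(stream) > max_gap


def make_stream(pids) -> bytes:
    """Build constructed packets: header plus 184 zero payload bytes each."""
    return b"".join(struct.pack(">BHB", SYNC_BYTE, p & 0x1FFF, 0x10) + bytes(184) for p in pids)


# Constructed samples: CA packets interleaved, then CA packets absent.
HEALTHY = make_stream([CA_PID, VIDEO_PID, AUDIO_PID, VIDEO_PID] * 4)
INTERRUPTED = make_stream([CA_PID, VIDEO_PID, AUDIO_PID, VIDEO_PID]
                          + [VIDEO_PID, AUDIO_PID] * 6)

if __name__ == "__main__":
    print(ca_starved(HEALTHY), ca_starved(INTERRUPTED))
```

A decoder that treats a long gap as grounds to inhibit descrambling no longer depends on a retraction message actually arriving.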