Digital content distribution has increased tremendously with the emergence of Wide Area Networks (“WANs”) such as the Internet. For example, users on the Internet can request streaming video content using a video-on-demand type of service. A number of challenges exist, however, for distributing content to users via the Internet. One challenge is preventing illegal copying and distribution of premium content.
Network operators use a number of content protection systems to prevent illegal copying and distribution of content. One type of content protection system is a conditional access (CA) system. A CA system imposes restrictions and rules for accessing distributed content. For example, a CA system may control access to content by encrypting the content before distribution and sending decryption keys for users to decrypt the encrypted content. A CA system typically uses entitlement control messages (“ECMs”) to deliver the decryption keys to the users. An ECM is a message that includes decryption keys to decrypt encrypted content and rules and requirements to access the decryption keys. In many current CA systems the same encrypted content is broadcasted to multiple users along with its corresponding ECM on the same network. A disadvantage of current CA systems is that the same encrypted content and decryption keys are distributed to all users. Thus, for current CA systems, there is no secure means to create unique content copies for each user.
Therefore, what is needed is a secure method to deliver ECMs such that authorized users only receive ECMs containing the right decryption keys for decrypting the right piece of content, thereby creating a unique sequence for each user. Further, what is needed is a secure environment and method to select an appropriate session decryption key from the decryption keys delivered within the ECMs in order to decrypt the desired content.