This invention relates generally to a novel method of operating a pay television system and particularly to an improved method of operating a pay television system that permits a subscriber to self-authorize his terminal to unscramble special pay per view television programs.
While the inventive method will be described in a cable television environment, it will be appreciated that it is also applicable to over-the-air television signalling systems. In its broadest aspects, the present invention is directed to a novel subscription television system of advanced security and simplicity. In its more specific implementation, the present invention is directed to a simple, secure, in-band pay per view television programming arrangement of enhanced flexibility.
In pay television systems, each subscriber terminal is typically identified by a unique address which permits the cable head-end to selectively communicate with the terminals. Each terminal also includes a microprocessor based controller and an authorization memory that has a plurality of memory locations containing authorization data that define various levels of service for which the subscriber is authorized and has paid. An unscrambler (decoder) in each subscriber terminal decoder is controlled by its authorization memory for selectively enabling unscrambling and viewing of scrambled television signals transmitted from the cable head-end. Typically, the television signal is transmitted with a program tag that is included in a data packet that identifies a particular single bit memory location in the subscriber terminal authorization memory. The corresponding memory location stores either a logic 1 or a logic 0 that determines whether the subscriber terminal is authorized or not authorized, respectively, to receive the accompanying program.
Communication between the subscriber terminal and the cable head-end is either in-band or out-of-band. In an in-band system, the communication occurs over a received television channel, whereas in an out-of-band system, the communication link is separate from the television channels. Since not all television channels in an in-band system include data, steps are normally taken to insure that the subscriber terminals tune to a data-carrying channel when the terminals are turned off. This channel is referred to as a homing channel and allows communications with the terminals even though they are ostensibly turned off. Such communications may include polling commands from the head-end for billing purposes and other control functions.
In the copending application, in addition to the program tag, an impulse pay per view (IPPV) tag that identifies a memory location in the subscriber terminal authorization memory may also be included in the transmitted data. The program tag and the IPPV tag may identify the same or different memory locations. A received, non zero, IPPV tag results in a suitable indication at the subscriber terminal decoder that the program associated with the IPPV tag may be "bought" by the subscriber taking appropriate action. The subscriber may purchase the program so identified by using a personal password to access the authorization memory and set the memory location defined by the IPPV tag to 1. Periodically, the head-end "polls" each subscriber terminal via an addressed data packet for reading the contents of the respective authorization memories. The subscriber terminals individually respond by transmitting authorization memory information to enable the head-end to determine the status of the memory location or locations defined by the IPPV tag or tags. Based upon this memory information, the head-end can determine whether the subscriber bought one or more IPPV programs and thereby the amount that is to be billed for such special event programming.
The head-end also clears the authorization memory, or a selected portion thereof, when a subscriber terminal has been successfully polled, that is when the contents of its authorization memory have been transmitted back to the head-end. In an in-band system, polling may not be accomplished if the subscriber terminal is not tuned to a data channel. In systems that do not have a homing channel, polling of the subscriber terminal may not be accomplished for some time. During this time period, reuse of that memory location for another program would permit unpolled subscriber terminals, i.e. those that have not had that location in their authorization memory interrogated and reset by the head-end, to receive further pay per view programs without being billed therefor.
In U.S. Pat. No. 4,771,458, a series of data packets are encrypted with the first "global" data packet (which includes the program and IPPV tags) being encrypted with a session key that all authorized subscribers should have, followed by a subsequent group of addressed data packets which are specifically directed to individual subscriber terminals. Each subscriber terminal stores three different session keys, one of which may not be changed and which is known as a default key. The head-end may change the session key used to encrypt the global packets from time to time whereby each subscriber terminal will sequence through its stored session keys in an attempt to decrypt received global packets. The stored session keys may be periodically updated by the cable head-end by downloading new session keys to subscriber terminals in individually addressed encrypted data packets. Since program tags and IPPV tags are included in the global packets, a subscriber terminal needs the correct session key in order to identify the program tag, which will be recalled, is essential for proper operation of his unscrambler.
In the system of the invention, the global data packets are alternately encrypted with two different session keys which, as will be described, enables secure and reliable operation of an impulse pay per view system despite the inability to poll all subscribers for determining the status of their authorization memories. As will be readily apparent, the method of alternately encrypting global data packets with two different session keys may be used to operate a subscription television system wherein subscriber terminals do not have provision for storing more than one session key.