CONDITIONAL ACCESS AND SECURITY FOR VIDEO ON-DEMAND SYSTEMS
Inventor: Michael C. Bertram
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates generally to the field of video distribution networks. In particular, this invention relates to conditional access and security for video on-demand distribution networks.
2. Description of the Background Art
Conditional access for digitally transmitted services satisfies at least two important goals. First, it protects the content from theft during transmission. Second, it provides specific controls over which target devices may access and use the content. Three major digital video conditional access approaches currently exist in the marketplace. The GI Digicypher system from General Instruments and the SA Powerkey system from Scientific-Atlanta are used for digital broadcast services, primarily in the United States. DVB Common Scrambling Algorithm based systems are used primarily in Europe.
Current practice for conditional access for digital broadcast services works well because of several attributes of broadcast services. These attributes include: 1) that digital broadcast services are usually comprised of a fairly small number of data streams (on the order of tens); 2) that digital broadcast services have many potential users of each data stream; and 3) that digital broadcast services can generally be pre-scheduled (this is true of both premium services and pay per view services), allowing authorizations to be generated and distributed before they are needed.
However, the current practice for conditional access for digital broadcast services does not work well for video on-demand services and systems. Video on-demand services have attributes which are quite different from the attributes of digital broadcast services.
Problematic attributes of video on-demand services for conditional access systems include: 1) that video on-demand services use a large number of data streams (on the order of thousands); 2) that video on-demand services target data streams to individual users; and 3) that video on-demand services are not pre-scheduled.
Although the current practice for conditional access for digital broadcast services can be applied to video on-demand services, the different attributes discussed above lead to problems. For example, the current practices for conditional access typically are not designed to accommodate the generation and distribution of encryption keys and authorizations for thousands of services. Additionally, the generation and distribution time for on-demand authorizations is not fast enough to support timely decryption of video on-demand services. Therefore, there is a need for conditional access systems and methods for video on-demand services that protect the content from theft and control access of target devices to the content.
SUMMARY OF THE INVENTION
The present invention overcomes the shortcomings of the prior art and provides a solution to the conditional access and security issues presented above. In accordance with the present invention, a method for providing conditional access to video services for a plurality of subscriber stations comprises the steps of: authorizing the plurality of subscriber stations to receive the video services; receiving a first order for a first video service from a first subscriber station; and transmitting tuning data to the first subscriber station so that the first subscriber station is able to receive the first video service.
In another aspect, the present invention is also directed to preventing theft of the content of transmissions with a method comprising the additional steps of: scrambling the first video service using a first key to generate a first scrambled video service; generating a de-scrambling message having scrambling data to allow de-scrambling of the first video service by the plurality of subscriber stations; transmitting the first scrambled video service to the plurality of subscriber stations; and transmitting the de-scrambling message to the plurality of subscriber stations.
The present invention also includes a system that provides secure transmission and complete access control for target devices. Such a system includes a distribution center, a video-on-demand system, a transmission network and a plurality of target devices or subscriber stations. The video-on-demand system advantageously provides for scrambling of the transmission, transmission of de-scrambling messages, and access control. The target devices also include circuitry for communicating with the video server and de-scrambling the transmission and controlling access to video services.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a schematic diagram of a conventional video broadcast distribution network.
Figure 2 is a flow chart of the prior art method for processing of the content at the distribution center and transmission to subscriber stations.
Figure 3A is a flow chart of the prior art method for receiving and processing a transmission at an authorized subscriber station.
Figure 3B is a flow chart of the prior art method for receiving and processing a transmission at an unauthorized subscriber station.
Figure 4A is a schematic diagram of a video-on-demand system utilizing the present invention.
Figure 4B is a block diagram of a subscriber station in the system of Figure 4A.
Figure 5 is a flow chart of a preferred embodiment of the method for processing of the content at the distribution center and transmission to subscriber stations.
Figure 6A is a flow chart of a preferred embodiment of the method for receiving and processing a transmission at a subscriber station that has requested video-on-demand services.
Figure 6B is a flow chart of a preferred embodiment of the method for receiving and processing a transmission at a subscriber station that has not requested video-on-demand services.
Figure 6C is a flow chart of a method for receiving and processing a transmission at a non-subscriber station attempting to pirate video-on-demand services.
Figure 7 is a block diagram illustrating the transmission of data and keys with respect to time according to the prior art.
Figure 8 is a block diagram illustrating the transmission of data and keys with respect to time according to the present invention.
Figure 9 is a block diagram illustrating a hybrid/fiber coax network and the use of keys per channel and program according to the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Throughout this description various terms are used to describe the invention. Unless modified by the following description, several of the terms are defined as follows:
Scrambling comprises a method of protecting a data stream by transforming the value bits in the stream based on a given key. For the purposes of this disclosure, scrambling has the same meaning as encrypting.
De-scrambling comprises a method of transforming data stream bits back to their original value based on the use of a key. For the purposes of this description, de-scrambling has the same meaning as decryption.
A conditional access (CA) system is a system that generates keys, de-scrambling messages, and authorization messages supporting the scrambling and de-scrambling of, e.g., MPEG encoded programs.
A de-scrambling message comprises a conditional access message containing de-scrambling information for a particular MPEG program. The de-scrambling information may be the de-scrambling key or the information a Set Top Box (or boxes) needs to generate or derive the de-scrambling key.
An authorization message comprises a conditional access message authorizing a particular Set Top Box to use a de-scrambling key to de-scramble a particular MPEG program.
Figure 1 is a schematic diagram of a conventional video broadcast network 100. The conventional video broadcast distribution network 100 typically includes one or more broadcast sources 102a, 102b, and 102c, one or more distribution centers 104, one or more secondary distribution networks 106, and a plurality of targets or subscriber stations 108a-i. The broadcast sources 102a, 102b, and 102c provide video and audio content for various channels in the broadcast network 100. For example, the broadcast sources 102a, 102b, and 102c include what are referred to as premium channels such as HBO, Showtime, Cinemax, etc. The sources 102a, 102b, and 102c may also be, for example, pay-per-view (PPV) channels.
The sources 102a, 102b, and 102c are typically coupled via a primary distribution network (shown as connector lines) to the distribution center 104. The distribution center 104 may be, for example, a cable head-end. The distribution center 104 receives the content from the broadcast sources 102a, 102b, 102c, associates the content with channels, and transmits the content over predetermined channels in the secondary distribution network 106. The distribution center 104 is coupled via a secondary distribution network 106 to the subscriber stations 108a-i. The secondary distribution network 106 comprises, for example, various amplifiers, bridges, taps, and drop cables.
Finally, the subscriber stations 108a-i may be, for example, set-top boxes and associated television equipment for viewing the video content by end users.
Referring now to Figure 2, the prior art method for preventing theft of the transmission data is shown. The cable distribution network 100 of the prior art prevents theft by scrambling the signals before transmission. Figure 2 illustrates the processing of the video and audio signals (content) done at the distribution center 104 before transmission. In the prior art, the distribution center 104 sends or distributes authorization for pre-scheduled services to the individual subscriber stations 108 in step 202. Then at some later time, the distribution center 104 scrambles a pre-scheduled service in step 206 and at the same time generates a de-scrambling message in step 208. Next in step 210, the distribution center 104 sends the scrambled pre-scheduled service and the de-scrambling message over the network 106.
Referring now to Figures 3A and 3B, the prior art method for processing the scrambled data at the subscriber stations 108a-i will be described. Figure 3A shows the prior art method for receiving and processing a transmission at an authorized subscriber station 108a-i. In contrast, Figure 3B shows the prior art method for receiving and processing a transmission at an unauthorized subscriber. These are the two general processing scenarios at the subscriber stations 108a-i provided with the prior art.
Referring now to Figure 3A, the processing at the subscriber station 108 begins in step 302 where the subscriber station 108 receives an authorization for pre-scheduled service over the secondary distribution network 206 from the distribution center 104. Parallel in time to, or even before or after step 302, the user inputs signals to a corresponding subscriber station 108 to tune the subscriber station 108 to the pre-scheduled service in step 306.
Then in step 308, the subscriber station 108 receives the scrambled data for the pre-scheduled service and a de-scrambling message. Once steps 302, 306, and 308 have been completed, the prior art process transitions to step 310. Now having received the necessary information from steps 302 and 308, the subscriber station 108 generates or derives the key using the de-scrambling message from step 308 if authorized. Next in step 312, the subscriber station 108 de-scrambles the pre-scheduled service using the derived key from step 310. Having de-scrambled the signal, the subscriber station 108 can display the pre-scheduled service on a display device of the subscriber station 108. As has been noted above, the key is used to control access by the respective subscriber station 108 to the content. Thus, a unique key is needed for each program, and each subscriber station 108a-i must receive the authorization before the key to the program can be decrypted in the prior art.
Referring now to Figure 3B, the processing that occurs when an unauthorized subscriber station 108 attempts to gain access to the content is illustrated. Figure 3B is a flow chart of the prior art method for receiving and processing a transmission at an unauthorized subscriber station. For ease of understanding, like reference numerals have been used for like steps. Similar to the authorized case, the user inputs signals to a corresponding subscriber station 108 to tune the subscriber station 108 to the pre-scheduled service in step 306. Also in step 308, the subscriber station 108 receives the scrambled data for the pre-scheduled service and the de-scrambling message. However, step 302 at the unauthorized subscriber station 108 is never completed. Rather, as shown by the flow chart in step 316, the subscriber station 108 does not receive the authorization for pre-scheduled services. Therefore, the unauthorized subscriber station 108 is unable to perform step 310 and is unable to derive the key and de-scramble the signal for display in step 320. Thus, Figures 3A and 3B show the importance in the prior art of having a fairly small number of data streams (on the order of tens) that have many potential users, and that digital broadcast services can generally be pre-scheduled, allowing authorizations to be generated and distributed before they are needed.
Figure 4 is a schematic diagram of a system 400 utilizing the present invention. The present invention is directed to the addition of a video-on-demand system 402 and to providing conditional access and security in such a combined system 400. Again, for ease of understanding, like reference numerals have been used for similar elements with the same functionality.
The combined system 400 preferably comprises one or more broadcast sources 102a/b/c, one or more video-on-demand (VOD) systems 402, a distribution center 104, a VOD content server 404, a session manager 406, a transport multiplexer 410, a conditional access system, a secondary distribution network 106 and a plurality of subscriber stations 408a-408i. An exemplary such video-on-demand system 400 is described in pending U.S. Patent Application Number 08/984,710, filed December 4, 1997, and entitled "System for Interactively Distributing Information Services," the disclosure of which is incorporated herein by reference. The following description will focus on differences from such a system.
As noted above, the combined system 400 differs from the prior art of Figure 1 by providing video-on-demand data streams. To provide such functionality, the system 400 has a plurality of VOD systems 402 to provide the content as requested by the subscriber stations 108a-108i in addition to the broadcast sources 102 used in traditional cable networks to provide video and audio content for various channels. The VOD system 402, for example, may include various movies that may be requested by the user. The number of movies available to the subscriber stations 108a-108i can be in the thousands. Both the broadcast sources 102 and the VOD system 402 are coupled to provide their content to the distribution center 104, preferably via a primary distribution network.
The VOD system 402 preferably comprises a content server 404, a session manager 406, a transport stream multiplexer/scrambler 410 and a conditional access system 412. The content server 404 stores the video content, such as thousands of movies, and in response to signals from the session manager 406 provides the video content to the transport stream multiplexer/scrambler 410. The session manager 406 controls the content server 404, the transport stream multiplexer/scrambler 410 and the conditional access system 412 in response to user requests. The session manager is coupled to each of these devices for sending control signals. The session manager 406 is also coupled to each subscriber station 408 by an out-of-band communication channel 420 to receive input from the subscribers. Although only one such path is shown in Figure 4A, it should be understood there is such a coupling for each subscriber station 408a-i. In response to signals from the session manager 406, the conditional access system 412 sends control signals, encryption keys and authorization messages to the transport stream multiplexer/scrambler 410. As will be known to those skilled in the art, multiple commercial vendors offer conditional access systems compatible with conditional access messaging defined by the MPEG-2 standard that could be used for conditional access system 412.
The transport stream multiplexer/scrambler 410 sends the content and control signal in both scrambled and not scrambled format to the distribution center 104. The session manager 406 also instructs the transport stream multiplexer/scrambler 410 which channels and program ID to use when transmitting the content.
The distribution center 104 is similar to that described above with reference to Figure 1. The distribution center 104 transmits the typical broadcast content, but also transmits the content, access and communication necessary for VOD services. For example, the VOD system 402 may provide the functionality as described in U.S. Patent Application Serial No. 08/984,710, filed December 4, 1997, entitled "System for Interactively Distributing Information Service" which is incorporated herein by reference. The distribution center 104 is coupled to the secondary distribution network 106.
Those skilled in the art will recognize that distribution center 104 of the present invention differs from the prior art in the following respects. First, the streams transmitted include not only the typical broadcast content (A) but also video-on-demand services (B) as shown in Figure 4. Second, the coupling of the distribution center 104 to the secondary distribution network 106 provides a return channel (shown by dotted line 420) for sending signals from the subscriber stations 408a-i to the VOD system 402, in particular, the session manager 406. Third, the VOD services are provided on channel resources that are re-used and reallocated to different subscribers, and the subscriber station requires tuning information to access the VOD services. Finally, there is processing by the VOD system 402, and communication between the VOD system 402 and the subscriber stations 408, as will be described below with reference to Figures 5-6C, to enforce transmission security and access.
The distribution center 104 and the VOD system 402 are coupled via a secondary distribution network 106 to the subscriber stations 408a-408i. The secondary distribution network 106 comprises, for example, various amplifiers, bridges, taps, and drop cables. The subscriber stations 408a-408i are, by way of example, set-top boxes and associated television equipment for viewing the video content by end users. In the present invention, the subscriber stations 408a-408i or set-top boxes differ from the prior art in that they include added functionality in the form of programs downloaded or stored in ROM that provide the functionality described below with reference to Figures 6A-6C.
More specifically, the programs provide a method for ensuring that access to the VOD services is authorized and that does not suffer from the above-identified shortcomings of the prior art.
Referring now to Figure 4B, one exemplary embodiment for a subscriber station 408 is shown. Each subscriber station 408 preferably comprises a tuner/de-multiplexer 450, a controller 452, a de-scrambler 454, a key generator 456, a video decoder 457, and a display device 458. Basically, the tuner/de-multiplexer 450 tunes to a particular frequency and program ID in response to signals from the controller 452. The tuner/de-multiplexer 450 monitors the channels and extracts the signals for the identified channel. The tuner/de-multiplexer 450 also extracts control information from the channel and provides it to the controller 452 and the key generator 456. General control signals, tuning information, and other communication with the session manager 406 are provided to the controller 452. The tuner/de-multiplexer 450 also extracts and provides entitlement management messages (EMMs) and entitlement control messages (ECMs) to the key generator 456. For example, the key generator 456 may be a smart card coupled to the subscriber station 408 or may be ROM included in the subscriber station 408. Using the EMMs and the ECMs, the controller 452 enables the key generator 456 to derive a key that is sent to the de-scrambler 454 to de-scramble or decrypt the video content. Once de-scrambled, the video streams are presented to the video decoder 457 that converts the MPEG streams to analog video signals. The analog signals are then presented to a display device 458.
It should be noted that while the methods of the present invention will now be discussed in the context of a video distribution system for cable networks, the present invention is applicable to any variety of video distribution system whether it uses cable or some other media for distribution such as but not limited to a satellite system, a digital subscriber line system, and a microwave system.
Referring now to Figure 5, a preferred embodiment of the method for processing of the content at the distribution center 104 and transmission of the content to subscriber stations 408 according to the present invention is shown. The method begins in step 501 by configuring the conditional access system 412 to scramble all the VOD programs as scrambled broadcast services. In other words, the VOD services are provisioned to be scrambled all the time. This is preferably done prior to the authorization of any subscribers to the VOD services. The programs are also scrambled independent of any particular content carried on the VOD streams. This is particularly advantageous because it addresses the problem that the VOD services are not pre-scheduled. Next in step 502 at least one subscriber station 408 is authorized for all VOD services. More preferably, the present invention authorizes all subscriber stations 408 connected to the network for all VOD services.
This authorization is preferably accomplished by having the server 404 send the authorization to all the subscriber stations 408. An authorization message is a message authorizing a particular subscriber station to use a de-scrambling key to de-scramble a program. More specifically, authorization of the subscriber stations 408 is performed by sending an entitlement management message (EMM) from the distribution center 104 to each of the subscriber stations 408. This step 502 is preferably performed at initialization of the communication between a particular subscriber station 408 and the system 400.
At some later point in time after step 502 has been performed, the method proceeds in parallel to steps 512, 506, 508. Since the system 400 provides the streams of video data in response to a request from the respective subscriber station 408, the duration between step 502 and the other steps 512, 506, 508 can vary significantly for each subscriber station 408 and may be any length of time. In step 512, using the return channel unique to the VOD system 400, the VOD system 402 and distribution center 104 receive a request or order for VOD services from a particular subscriber station 408. Next in step 514, responsive to the request, the VOD system 402 and distribution center 104 send tuning data to the individual subscriber 408. This is preferably accomplished by sending the frequency and MPEG program number by reference or value using the VOD downstream communication control path. The actual information for tuning to the channel may be provided, or this may be done virtually by providing an index to a table at the subscriber station 408 that is used to look up the value. This feature of the present invention is particularly advantageous because it solves the problem presented by VOD services of targeting data streams to individual users. In broadcast systems, the tuning information is known by the user, can be used to tune to the program and cannot be used to control access. However, in the present invention, since different program streams are targeted to different users, the transmission and use of the tuning information as described above permits the targeting of particular program streams to particular users as was not possible in the prior art.
In step 506, the VOD system 402 and distribution center 104 scramble or encrypt the streams of the VOD service; and in step 508, the VOD system 402 and distribution center 104 generate a de-scrambling message for producing the key for decoding the streams of the VOD service. The de-scrambling message preferably includes data that can be used by the subscriber station 408 to derive or generate the key. The de-scrambling message preferably takes the form of an entitlement control message (ECM) in the MPEG protocol.
The present invention preferably uses the same key or key set for a number of programs. Then in step 510, the distribution center 104 transmits the scrambled VOD service and the de-scrambling message over the secondary distribution network 106. This completes the processes of the present invention at the distribution center 104.
As has been described above, the security of the content being distributed is maintained by the present invention using scrambling or encryption. Any one of the various and conventional encryption methods could be used. It should be noted the present invention is particularly advantageous because the system 400 uses the same keys for all subscriber stations 408. Thus, even with thousands of subscribers, the distribution of the keys is not problematic. In other words, the keys are used to protect against theft of the transmission signal but are not used to control or prevent access by a subscriber station 408. While the present invention uses multiple keys for groups of subscribers, the present invention avoids the problem of the prior art of requiring a key for each subscriber station 408 connected to the network 106.
Referring now to Figures 6A-6C, the various processes that may occur at the subscriber stations 408 will be described. With the method of the present invention, there are three possible scenarios: an authorized user ordering VOD service, a subscriber not ordering VOD service, and an attempt to pirate or steal VOD service.
Referring particularly to Figure 6A, the preferred method for receiving and processing a transmission at a subscriber station 408 that has requested video-on-demand services will be described. The process begins in step 608 with the user inputting an order for VOD services, and the respective subscriber station 408 receiving input and generating an order for VOD services that is sent over the back channel to the VOD system 402. Then in step 610, the subscriber station 408 receives tuning data indicating both which channel of a plurality of pre-defined VOD channels the content will be transmitted on and which PIDs (program identification numbers) the content will be marked with. The PIDs are selected by the session manager 406 and sent by value or by reference to the server 404 and the subscriber station 408. The server 404 preferably provides the requested program on an available channel, and the PIDs are included in the header of all packets sent on a stream and associated with the program. Then in step 612, the subscriber station 408 tunes to the channel specified by the tuning data from step 610. Next in step 606, the subscriber station 408 receives the scrambled or encrypted VOD service and the de-scrambling message, responsive to the execution of step 510 by the distribution center 104. After step 606, the method continues in step 614. However, prior to step 614, the subscriber station 408 performed step 602 to receive authorization for all VOD service.
The subscriber station 408 performs step 602 responsive to step 502, and need perform step 602 only once upon initialization, and long before step 614. Such information would be stored at and by the subscriber station 408. Then in step 614, the subscriber station 408 uses the de-scrambling message, namely the decryption data, to derive or generate the key for de-scrambling the content. Next in step 616, the key is used to de-scramble the VOD service. Finally, in step 618, the subscriber station 408 decodes the signal and displays the VOD service on an associated display device.
It should be noted that access to the VOD service is controlled in two ways. First, requiring the key for decryption protects all content of the VOD service. Second, the access to the VOD service for a particular subscriber station 408 is controlled by the VOD system 402 that controls whether the subscriber station 408 knows which channel is being used to provide the VOD service, and thus to which channel the subscriber station 408 must tune.
Those skilled in the art will recognize that additional keys may be used to provide additional levels of security. For example, at a later time a second key may be substituted for the first key, where the first key and the second key are both members of a first set of keys, and where the decryption data is usable to decrypt each member of the first set of keys. These and other modifications to the general methods described above with reference to Figures 5 and 6A are contemplated by the present invention.
Referring now to Figure 6B, the case where a subscriber station 408 has not requested video-on-demand services will be described. Figure 6B illustrates the processing that occurs at the subscriber station 408 when no service has been requested. As shown, the subscriber station 408 performs step 602, as do all subscriber stations 408, to become authorized for VOD services. However, since no service has been ordered, the subscriber station 408 will not send a request for VOD service to the VOD system 402 in step 620, and therefore, will also never receive the necessary tuning data in step 622. Thus, any attempt in step 624 to get the VOD service without notifying the VOD system 402, and thus without being charged, is not possible. Figure 6B most clearly shows that it is the failure to provide tuning data in the present invention that prevents an authorized subscriber station 408 that has not ordered the VOD services from decoding the VOD services signal.
Referring now to Figure 6C, the processing that occurs at the subscriber station 408 when a non-subscriber attempts to pirate video-on-demand services will be described. The non-subscriber by definition will not receive the authorization in step 628.
Since the subscriber station 408 is a non-subscriber, there will have been no initialization and it will not have received the authorization in step 628. Nonetheless, the non-subscribing station 408 may through illegitimate means determine the tuning data in step 626. Then in step 612, the non-subscribing station 408 could tune to the channel having the VOD services. Next in step 606, the non-subscribing station 408 receives the scrambled VOD services and the de-scrambling message. In step 632, the non-subscribing station 408 will attempt to derive or generate the key; however, it does not have the authorization and data necessary to derive the key, and therefore will be unable to de-scramble the VOD services. Thus, the lack of the authorization and thus the key provides the protection against theft of the VOD services.
The differences between the claimed invention and the prior art are further highlighted by Figures 7 & 8. Each Figure shows the distribution of keys for controlling access to the video content provided by the distribution center 104. Figure 7 is a block diagram illustrating the transmission of data and keys with respect to the transport stream such as MPEG according to the prior art. As shown in Figure 7, for each program, the prior art sends a different key associated with the program, and thus, controls access to the program. In other words, each subscriber station 408 is enabled to access the program depending on whether the subscriber station 408 has received the key corresponding to the program. In the prior art this is not problematic because there are relatively few programs. In contrast, in VOD services there may be thousands of programs, and if each required a separate key, the distribution of the keys themselves would cause failures making the programs not accessible to the subscriber stations 408.
In contrast and as shown in Figure 8, the methods of the present invention do not use the keys to control access to the programs, and do not require a separate key set for each program. As can be seen in Figure 8, a single key or key set is distributed to all subscriber stations. This key or key set is then used for all programs. This greatly reduces the control traffic over the network 106, and is particularly advantageous for VOD services where thousands of programs requiring a separate key for each subscriber station are not possible.
Referring now to Figure 9, the advantage of the present invention in using one key or a smaller set of keys is shown. Figure 9 is a diagram for a hybrid fiber/coax network 900 including a headend 902 and a plurality of nodes 904 providing a plurality of channels 906 each having a plurality of programs 908. Figure 9 illustrates the use of the same key for each channel. In such a case, the number of keys to be distributed is reduced by a factor of n, where n is the number of programs 908 per channel or frequency.
In the preferred embodiment for the system described above this is an 8:1 reduction in the number of keys needed. Similarly, this concept can be extended to use one key for groups of channels, or even one key for each node. Thus, the present invention ensures that the distribution of keys is not an obstacle to providing the conditional access desired.
Thus, in summary, the present invention uses the mechanisms of (1) scrambling, (2) authorization messages and (3) tuning to control access. The subscriber station 408 requires all three to be able to receive and de-scramble signals transmitted over the network 106 to the subscriber station 408. The present invention, however, minimizes traffic over the network 106 by using the same encryption/decryption keys for the channels, and by sending authorization messages upon initialization. Therefore, even though there are thousands of programs each being sent to an individual subscriber, conditional access is maintained with nominal impact on network bandwidth.
It is to be understood that the specific mechanisms and techniques that have been described are merely illustrative of one application of the principles of the invention. For example, while the present invention is described in application to a video on-demand system, it also has some application in other point cast on-demand services such as data. Numerous additional modifications may be made to the methods and apparatus described without departing from the true spirit of the invention.
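
The three scenarios of Figures 6A-6C and the per-channel key sharing of Figure 9 can be traced in a small model; the following Python sketch is an added illustration, not part of the original disclosure. The class and function names, the channel numbers and PIDs, the HMAC-SHA256 keystream standing in for the scrambler, and the modelling of the EMM as a shared group secret and the ECM as per-channel derivation data are all assumptions made for the example.

```python
import hashlib
import hmac
import os

PROGRAMS_PER_CHANNEL = 8  # the 8:1 key reduction of the preferred embodiment


def _keystream(key: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for the scrambler, not a real CA cipher."""
    blocks = (hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def scramble(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; applying it twice with the same key restores the data."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


class Station:
    """Hypothetical subscriber station 408."""

    def __init__(self, name: str):
        self.name = name
        self.emm_secret = None   # set once, at initialization (step 602)
        self.tuning = None       # (channel, PID), set only after an order (step 610)

    def watch(self, headend: "HeadEnd"):
        if self.tuning is None:
            return None          # Figure 6B: no order, so nothing to tune to
        channel, _pid = self.tuning
        payload = headend.streams[self.tuning]       # steps 612 and 606
        ecm = headend.ecm[channel]
        # Figure 6C: a station that never received the EMM has no usable secret.
        secret = self.emm_secret if self.emm_secret is not None else bytes(32)
        key = hmac.new(secret, ecm, hashlib.sha256).digest()   # step 614
        return scramble(key, payload)                          # step 616


class HeadEnd:
    """Hypothetical VOD system 402 plus distribution center 104."""

    def __init__(self):
        self.group_secret = os.urandom(32)  # carried to every subscriber in the EMM
        self.authorized = set()
        self.ecm = {}       # channel -> ECM data, shared by all programs on the channel
        self.streams = {}   # (channel, PID) -> payload, always scrambled (step 501)
        self.billing = []   # orders seen on the return channel

    def authorize(self, station: Station) -> None:             # step 502
        self.authorized.add(station.name)
        station.emm_secret = self.group_secret

    def order(self, station: Station, title: str, content: bytes):
        if station.name not in self.authorized:
            return None
        n = len(self.streams)
        tuning = (500 + n // PROGRAMS_PER_CHANNEL, 0x100 + n % PROGRAMS_PER_CHANNEL)
        ecm = self.ecm.setdefault(tuning[0], os.urandom(16))    # step 508
        key = hmac.new(self.group_secret, ecm, hashlib.sha256).digest()
        self.streams[tuning] = scramble(key, content)           # steps 506 and 510
        self.billing.append((station.name, title))              # step 512
        station.tuning = tuning                                 # step 514
        return tuning


def run_scenarios() -> dict:
    movie = b"\x47constructed sample transport payload"   # constructed sample data
    headend = HeadEnd()
    ordered, idle, filler, pirate = (
        Station(n) for n in ("ordered", "idle", "filler", "pirate"))
    for station in (ordered, idle, filler):
        headend.authorize(station)
    for i in range(15):                       # occupy most of two channels
        headend.order(filler, f"title-{i}", movie)
    # Step 626: the non-subscriber holds tuning data obtained outside the system.
    pirate.tuning = headend.order(ordered, "title-15", movie)
    return {
        "6A_descrambled": ordered.watch(headend) == movie,
        "6B_output": idle.watch(headend),
        "6C_descrambled": pirate.watch(headend) == movie,
        "programs": len(headend.streams),
        "distinct_keys": len(headend.ecm),
        "idle_billed": any(name == "idle" for name, _ in headend.billing),
    }


if __name__ == "__main__":
    for label, value in run_scenarios().items():
        print(label, value)
```
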