This section describes a mechanism for protecting the interface between the user-renewable conditional
access module (POD) and the STB. The mechanism is simple yet secure, and lays the foundation for
incorporating evolutionary improvements in the security of STBs, PODs, and key management
infrastructures. The mechanism incorporates the following design principles: localization of vulnerability,
so that security is a property of the integrity of the two communicating devices (i.e., there are no universal
secrets that would let a pirate leverage the compromise of a third device); cryptographic protection of data;
IP-protected functionality that enables the legal prosecution of circumvention devices; and the fresh
authorization of devices by means of the bi-directional communication inherent in cable systems.