I will add to Andrew's comments. It is likely that there is a hash function with time/date taken into account that is used by the box. Simply getting a response from the mothership "yeah, you have a subscription for this box" would not be secure enough; it could be faked if it were to be intercepted. It has to be more elegant than that. But I also agree that the keys do not just get shipped around all the time... From a security perspective, this increases the data/info that can be used to break the key. I could be wrong.
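An added illustration, not part of the post above and not the vendor's actual scheme: a time-bound authorization reply of the kind the post speculates about, where a captured "yes" stops working once it is stale and the key itself never travels. HMAC-SHA256, the 5-minute window, the key, the box IDs and the function names are all assumptions made for the example.

```python
import hashlib
import hmac
import struct

# Constructed values for illustration; nothing here comes from a real device.
BOX_KEY = b"constructed-per-box-secret"  # assumed: provisioned in the box, never sent
MAX_SKEW = 300                           # assumed freshness window, in seconds
HEADER = ">QB"                           # 8-byte timestamp + 1-byte subscribed flag
HEADER_LEN = struct.calcsize(HEADER)     # 9
TAG_LEN = hashlib.sha256().digest_size   # 32


def issue_token(key: bytes, box_id: str, subscribed: bool, now: int) -> bytes:
    """Server side: bind the answer to one box and one moment in time."""
    body = struct.pack(HEADER, now, int(subscribed)) + box_id.encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag  # only the message and its tag cross the wire


def verify_token(key: bytes, box_id: str, token: bytes, now: int) -> bool:
    """Box side: accept only an authentic, fresh 'subscribed' answer for this box."""
    if len(token) < HEADER_LEN + TAG_LEN:
        return False
    body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False  # forged or altered in transit
    issued, subscribed = struct.unpack(HEADER, body[:HEADER_LEN])
    if body[HEADER_LEN:] != box_id.encode():
        return False  # authentic, but issued for a different box
    if abs(now - issued) > MAX_SKEW:
        return False  # authentic, but a replay of an old capture
    return subscribed == 1


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    token = issue_token(BOX_KEY, "box-0001", True, t0)
    print("fresh reply accepted:  ", verify_token(BOX_KEY, "box-0001", token, t0 + 10))
    print("day-old replay accepted:", verify_token(BOX_KEY, "box-0001", token, t0 + 86400))
```

A static "subscribed" reply would pass every one of these checks forever once intercepted; here the timestamp inside the authenticated body is what expires it.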