To afford copy protection for information, e.g. elementary streams, from a service provider while in transit between a point of deployment (POD) module and a set-top box, the information is accompanied by control information pairs. The pairs are respectively associated with the portions of the copy protected information and are incorporated into a shared key calculation in the POD module and set-top box. The shared keys are used by the POD module and set-top box to encrypt and decrypt the information. Tampering with a control information pair, as by an intruder or hacker, prevents keys shared by the set-top box and POD module from matching. A mismatch prevents the set-top box from correctly decrypting information received from the deployment module.