Encrypt video broadcast with a master key pair. Then just continually broadcast the decryption key, encrypted for every customer individually, alongside. If there's a mysterious "activation" period after turning on the device initially, it's probably something like that. Rotate the master every so often to kick off users.
You can do neat things with key hierarchies to avoid this.
Group all your customers into leaves of a binary tree. 100 million customers is a tree ~27 levels deep.
Issue every customer a private key on a smartcard. Also generate keys for each node in the tree, and have the smartcard also preloaded with the keys from that customer to the root. (ie. 26 extra keys on the card - easy to store).
Now, whenever a customer leaks their key, you cut that customer out of the tree and regenerate all nodes up to the root. You transmit over the air, every few minutes, all the modified keys. Each new key is transmitted multiple times encrypted with the children of that node.
Now every legit keyholder either has the master key, or some set of keys that can decrypt the master key (as a combination of the keys on the card and the keys transmitted over the air). Any banned cardholders do not.
Using this method, even banning hundreds of keys, there won't be more than tens of thousands of keys that need to be transmitted over the air, even though you might have 100 million cardholders. That's very transmittable every few minutes, meaning that honest cardholders won't have to wait more than a few minutes for service, even if their tree-neighbour is a hax0r.
