The invention relates to a method for accessing protected content provided to a client device, wherein the client device decrypts the content using at least one control word provided by a server device. In the method, (i) the client device sends a request message to the server device, the request message including a nonce, and the client device stores the nonce; (ii) upon receipt of the request message, the server device generates a control word message based on the control word and the received nonce; (iii) upon receipt of the control word message, the client device determines the control word from the control word message and validates the control word message using the stored nonce; and (iv) the client device uses the control word to decrypt at least part of the content in response to a successful validation of the control word message. Moreover, the invention relates to a client device and a server device for carrying out the method.