Danny Jeremiah, head of cinema products at Arts Alliance Media, gives a glimpse into an automated future for KDM delivery — and data collaboration
Words: Danny Jeremiah
Key Delivery Messages, or KDMs, play a crucial part in securing digital cinema content. They have been a daily part of cinema operators’ lives since the digital switchover over a decade ago. They are also one of the main causes of lost shows, often on Friday mornings when new releases get their first play. From personal experience, if it’s not lost shows, then at the very least they have heightened stress and anxiety to answer for. Tens of millions of them are created each year, so why do they still cause exhibitors and content distributors such a headache?
In the mid-2000s the Digital Cinema Initiatives (DCI) group laid out specifications to standardise the quality and security of digital cinema content. It specified that assets (the picture and audio files which make up the movie) are encrypted to AES 128 standards. Even at the rate technology has been evolving, the world’s fastest computer would still need millions of years to crack just one of these keys.
Only the master key used to encrypt video and audio data can restore it back to its original form, making it playable; and that is kept secure by the content mastering house. This presents a problem. If the decryption key is sent to one cinema, they could easily send it on to any other and they too could decrypt content, even without the content owner’s permission to do so. You’d have to have a completely secure supply chain all the way from the content services company to the playback device, which just isn’t feasible.
The solution to this is to encrypt that master key again. RSA2048 encryption, a clever asymmetric cryptography method, is used to ensure that only the intended recipient can unlock the assets. There are two parts to this type of encryption — a public key and a private key. The master key is encrypted by the content services company using the target playback devices’ public key. You can only restore the master key by using the corresponding private key. That happens deep inside a secure part of the playback device.
These device-specific encrypted keys are contained in a KDM. The beauty of this system is that the KDMs don’t need to be kept safe like the master key; the same Digital Cinema Package (DCP) can be sent to any cinema in the world. What are the chances of breaking RSA 2048? Well, the 2048 refers to the size of the number in the key, which means it is an integer larger than 2^2047.
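The key-wrapping step described above, as an added Go sketch that is not from the article or from any vendor's code: a constructed AES-128 content key is encrypted to one constructed device's RSA-2048 public key, and a second device cannot unwrap a forwarded copy. The type and function names and the OAEP/SHA-256 padding are assumptions of the example, which covers only the key wrapping and not the KDM message format.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Device stands in for a playback device; its private key never leaves it.
type Device struct{ priv *rsa.PrivateKey }

// NewDevice generates an RSA-2048 key pair for a constructed device.
func NewDevice() (*Device, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Device{priv: k}, err
}

// NewContentKey creates the 128-bit AES key that encrypts the assets.
func NewContentKey() ([]byte, error) {
	key := make([]byte, 16)
	_, err := rand.Read(key)
	return key, err
}

// WrapFor encrypts the content key to one device's public key.
// OAEP with SHA-256 is this example's choice of padding (an assumption).
func WrapFor(d *Device, contentKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, &d.priv.PublicKey, contentKey, nil)
}

// Unwrap recovers the content key using the device's private key.
func (d *Device) Unwrap(wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, d.priv, wrapped, nil)
}

// CanPlay reports whether this device recovers the expected content key.
func (d *Device) CanPlay(wrapped, contentKey []byte) bool {
	got, err := d.Unwrap(wrapped)
	return err == nil && bytes.Equal(got, contentKey)
}

func main() {
	screen1, _ := NewDevice()
	screen2, _ := NewDevice()
	key, _ := NewContentKey()
	kdm1, _ := WrapFor(screen1, key) // issued for screen 1 only
	fmt.Println("screen 1 can play:", screen1.CanPlay(kdm1, key))
	fmt.Println("screen 2 can play a forwarded copy:", screen2.CanPlay(kdm1, key))
}
```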
There are some usability trade-offs we as an industry have found difficult to mitigate until recently. The industry is averse to gatekeepers, such as one single organisation managing a global Trusted Device List (TDL), and companies that have invested time building their own TDLs see them as intellectual property. TDLs are ‘address books’ maintained by mastering houses such as Motion Picture Solutions and Deluxe Technicolor Digital Cinema that detail serial codes of every server and projector that they know about.
Understandably, the biggest KDM generators see value in their TDL information. It is hard for new competitors to enter the market, and for small distributors who may be unwilling or unable to use one of the bigger mastering houses for their needs.
The first trade-off is that in order to generate a KDM for a given cinema screen you need to know which playback devices are located in that screen. That isn’t a problem on a small scale: you can ask a cinema to look up a device’s serial number. Scale that to the 160,000+ digital screens in the world and simply maintaining those records becomes a full-time job. TDLs are, on the whole, maintained manually, relying on cinemas and integrators to email updates when a new screen is built or a playback device is swapped out. Despite best efforts, incorrect TDL information can lead to frantic last-minute calls to get a KDM issued before a show is lost. Unfortunately, at times this happens late, shows are lost, and audiences are left disappointed.
The second major problem surrounding KDMs is their method of delivery. In the early days of DCI it was envisaged that playback devices (SMS) would all connect to the internet and, via a URL in the DCP metadata, would download KDMs automatically, removing the need for human intervention. This has never come to fruition and, to this day, the overwhelming majority of KDMs are delivered by email.
These emails are either copied to a USB drive, or forwarded to a Theatre Management System (TMS) which will then deliver them to the SMS. Mostly this works, but there are risks attached and there is a blind spot: once a service provider has sent a KDM they have to trust it will find its way to the correct device, and they will only be alerted to problems if they are contacted.
Arts Alliance Media (AAM) and DTDC this year announced the first collaboration between a content services provider and cinema software solutions company for automated creation of TDLs and delivery of KDMs. This addresses the two major pain-points discussed above and aims to remove the burden on cinema staff of discovering and rectifying KDM issues.
Through ScreenConnect, AAM’s purpose-built connection between playback equipment and our cloud platform, DTDC get up-to-the-minute data on which devices are located in which screens to populate their TDL. This information is provided in SMPTE standards-compliant FLMx format which has also been adopted by Qube Digital Cinema with its Qube Wire product.
As more and more exhibitor sites make metadata available via FLMx standards-compliant feeds, it will be easier for distributors and content services companies to maintain TDLs without today’s manual solutions, ultimately minimising the chance of lost shows due to incorrect or incomplete data. In addition to FLMx, the AAM integration with DTDC handles both KDM delivery and reporting via API, a machine-to-machine communications protocol that completely automates KDM deliveries for exhibitors. With such innovations hitting the market, signs are good that manually updated TDLs will soon be a thing of the past.