Danny Jeremiah, AAM's Head of Cinema Products, recently contributed an article to Cinema Technology Magazine providing some context around the history of KDMs and exploring how the industry can collaborate to improve them. We have re-posted it here with permission for our readers.

    Key Delivery Messages, more commonly known as KDMs, play a crucial part in securing digital cinema content. They have been a daily part of cinema operators’ lives since the digital switchover over a decade ago. They are also one of the main causes of lost shows, often on Friday mornings when new releases get their first play. From personal experience, even when shows go ahead, KDMs still have heightened stress to answer for. Tens of millions of them are created each year, so why do they still cause cinema exhibitors and content distributors such a headache?

    In the mid-2000s the Digital Cinema Initiatives (DCI) group laid out specifications to standardise the quality and security of digital cinema content. It specified that assets (the picture and audio files which make up the movie) be encrypted to AES-128 standards. Even at the rate technology has been moving, the world’s fastest computer would still need millions of years to crack just one of these keys, demonstrated by the fact that there are no examples of a DCI-compliant movie file being hacked.  

    Only the master key used to encrypt the video and audio data can restore it back to its original form and make it playable; and that key is kept secure by the content mastering house.  This, however, presents a problem. If the decryption key is sent to one cinema, they could very easily send it on to any other and they could decrypt the content too, without the content owner’s permission. You’d have to have a completely secure supply chain all the way from the content services company to the cinemas playback device (SMS), which just isn’t feasible.

    The solution to this problem is to encrypt that master key again. RSA-2048 encryption, a clever asymmetric cryptography method, is used to ensure that only the intended recipient can unlock the assets. There are two parts to this type of encryption: a public key and a private key. The master key is encrypted by the content services company using the target SMS’ public key.  The master key can then only be restored by using the corresponding private key, and that process happens deep inside a secure part of the SMS.

    It is these device-specific encrypted keys that are contained in a KDM. The beauty of this system is that the KDMs themselves don’t need to be kept safe like the master key. Additionally, the same Digital Cinema Package (DCP), the files which make up the digital ‘print’, can be sent to any cinema in the world, greatly simplifying the logistics of content distribution.

    However, there are some usability trade-offs that we as an industry have found difficult to mitigate to this point.

    The first trade-off is that in order to generate a KDM for a given cinema screen you need to know which SMSs are located in that screen. That isn’t a problem on a small scale - you can just ask the cinema to look up the device’s serial number - but scale that to the 160,000+ digital cinema screens in the world and just maintaining those records becomes a full time job.

    Trusted Device Lists (TDLs) are the ‘address books’ kept by mastering houses like Motion Picture Solutions and Deluxe Technicolor Digital Cinema (DTDC) that detail the serial numbers and locations of every server they know about. For the most part TDLs are still maintained manually, relying on cinemas and integrators to send in updates when a new screen is built or an SMS is swapped out.

    Sometimes, despite everyone’s best efforts, incorrect TDL information leads to frantic last-minute calls to get a new KDM issued before the show is lost. Unfortunately, at times this happens too late, and audiences are left disappointed. Understandably, those companies who have invested time into building their own TDLs see them as their intellectual property and are therefore unwilling to share their data with third parties, which means that sometimes a cinema will get KDMs for the correct device from one vendor but not from another.

    An attempt was made several years ago to create an industry-wide ‘master’ TDL through the MovieLabs project.  For various reasons, including the industries’ aversion to single entities acting as gatekeepers, that project never got past the planning stage.  

    The second major problem surrounding KDMs is their method of delivery. The early days of DCI anticipated that the whole system could be automated by connecting SMSs to the internet so they could, via a URL contained in the DCP metadata, download their KDMs automatically. For many reasons a system like this has never come to fruition, and to this day the overwhelming majority of KDMs are delivered by email.

    These emails are then either copied onto a USB drive, or forwarded to an exhibitor’s Theatre Management System (TMS) which will then deliver them to the SMS. For the most part this system works, but there are some risks attached and there is a major blind spot - once a service provider has sent a KDM, they have to trust that it will find its way to the correct device. If there is an issue with the KDM, they will only know about it if the cinema contacts them.

    Earlier this year Arts Alliance Media (AAM) and DTDC announced the industry’s first collaboration between a content services provider and a cinema software solutions company for the automated creation of TDLs and delivery of KDMs. This solution addresses the two major pain points I’ve discussed above and aims to remove the burden on cinema staff when it comes to discovering and rectifying KDM issues.

    Through ScreenConnect, AAM’s purpose-built connection between playback equipment and our cloud platform, DTDC get up-to-the-minute data on which devices are located in which screens to populate their TDL. This information is provided in the SMPTE standards-compliant FLMx format which has also been adopted by Qube Digital Cinema.

    As more and more exhibitor sites make their metadata available via FLMx standards-compliant feeds it will become easier for distributors and content services providers to maintain their TDLs without today’s manual paper-based solutions, ultimately minimising the chance of lost shows due to incorrect or incomplete data about what devices are at which sites. With these two innovations from Qube and AAM hitting the market the signs are good that manually updated TDLs will, one day, be a thing of the past.

    In addition to FLMx, the AAM integration with DTDC handles both KDM delivery and reporting via API, a machine-to-machine communications protocol that completely automates KDM deliveries for exhibitors.

    DTDC provides AAM with the KDM which is then delivered directly to exhibitor SMSs using ScreenConnect via our Screenwriter TMS. A delivery confirmation is returned to DTDC, indicating whether the KDM has reached the intended device, so that DTDC can proactively resolve any issues. DTDC’s systems are in turn connected back to their studio-customer’s booking systems, giving the studios peace of mind that their audiences are going to get the experience they’re hoping for without any technical problems standing in the way.

    Solutions like these show what we can achieve when we start to collaborate, and automating background processes, like KDM delivery, is really only the tip of the iceberg.

    There is huge potential for turning cinema into a more dynamic industry if the digital playback equipment that has already been installed around the world is connected. We could create hubs of data and build networks that foster connections across the industry to provide studios, exhibitors and suppliers alike the insights we need to make us all more responsive to the market.

    Essentially, the better all of our systems communicate with each other, the faster we will be able to understand what audiences want, and the faster we will be able to deliver that experience. A single software solution on its own can’t do that, but partnerships like DTDC and AAM’s are starting to connect cinema screens into a global ecosystem that promotes that kind of flexibility. If similar partnerships form across the industry, it will reveal not only how we can optimise getting content onto screens, but empower cinemas with the data, resources, and tools they need to successfully compete for audiences’ attention in today’s crowded landscape.


    Troubleshoot your KDM errors

    How cinemas can use their technology to work smarter, instead of harder

    How cinemas can use their technology to work smarter, instead of harder
    By Alessandra Skarlatos, Marketing Manager at Arts Alliance Media

    7 minute read

    Reaching 100% SMPTE DCP- what does it mean for cinemas?

    Reaching 100% SMPTE DCP- what does it mean for cinemas?
    Danny Jeremiah, AAM's Head of Cinema Products, recently contributed an article to Cinema Technology Magazine about the benefits standards like the...

    7 minute read

    Should cinemas sell their data or share their insights?

    Should cinemas sell their data or share their insights?
    Danny Jeremiah, AAM's Head of Cinema Products, recently contributed an article to Cinema Technology Magazine exploring the differences between...

    6 minute read

    Subscribe to our blog