How Digital Cinema Works

Security

Security is perhaps both the most important and least understood aspect of digital cinema. Adding to the challenge is the uniqueness of the cinema business, making it difficult to borrow a security model from another industry.

Certainly, the encryption and decryption of content is not a major challenge. There is agreement that movies will be symmetrically encrypted using the strong, public encryption algorithm called AES (Advanced Encryption Standard), using 128-bit keys. The handling of security keys, however, must meet the needs of both content owners and cinema owners, which is the challenge to be met.

With film, a print is sent to the theatre contracted to show the movie. The exhibitor is essentially entitled to play the movie by receiving the print. In digital cinema, this entitlement is transferred through receipt of both the digital print and the security key. A new element is introduced in digital cinema, however, by allowing the security key to only work on specific equipment. There is no parallel for this limitation in the film industry.

From a business operations viewpoint, the cinema owner requires that the movie be capable of playing on all screens. To understand this requirement, we use the analogy of comparing screens in a multiplex theatre to shelf space in a grocery store. The grocery store owner needs to maximize profit, and so naturally places sufficient quantities of popular products at eye level, rather than in a less immediate location. For the exhibitor, popular products are moved to large screens, if not multiple screens, and less popular products moved to smaller screens. Distributors negotiate up-front for best placement, but the cinema owner must balance that placement with demand to maximize income. Thus, movies have to be freely moved within each complex. This is an important point which requires a solution unique to the cinema industry.

All secure devices in a Presentation system will have a factory-installed digital certificate. These certificates will contain both a private and public key, in the manner of public key encryption. If handled properly, the private key will never be exposed to other machines or seen by human eyes. The public key, as the name suggests, is not secret information, and can be freely distributed. Information encrypted using the public key can only be decrypted by the private key.

To send the movie key to the theatre, it must first be encrypted to protect it. The encryption to be used will be RSA public key encryption, utilizing the public key of the device that will decrypt it. Thus, to enable 10 screens to play a movie in a multiplex, 10 key-sets must be sent. The message used to send each key-set is called a Key Delivery Message, or KDM. In the System-Level Interoperability diagram, we can identify the Security interface as the KDM, along with the protocols required to identify the public keys of the Presntation system.

Sending the right keys to the right location requires a significant effort to keep track of the equipment in each theatre complex. This is no small task, as equipment can be moved to another location, repaired, or replaced. Without the right keys, equipment cannot play the movies for which the theatre complex has contracted. In practice, exhibitors will have to manage the task of providing Key Fulfillment Services with updated equipment lists.

The device for communicating equipment information to a Key Fulfillment Service is called the Facility List. Based on the certificate public keys provided in the Facility List, a suite of KDMs (or a single KDM containing all keys for a complex) will be created and sent to the exhibitor. Of course, the Key Fulfillment Service that sends the keys will have the opportunity to check the public keys to make sure that they're valid. They can do so with the aid of the Certificate Authority at which the root certificate for each key is registered.

The communication of both Facility List and KDM is shown below.

Security keys in the consumer space are accompanied by Digital Rights Management (DRM). In the business-to-business relationship between distributors and exhibitors, sophisticated DRM is not needed. In digital cinema, the security key will have one "dark screen rule", that being the engagement time window. If the key is attempted to be used outside of the engagement time window, the movie won't play, i.e., the screen will be dark. Other situations, however, can also create dark screens. The nature of how dark screens may occur, and the extent to which the security system governs this behavior, remains a topic of discussion among the involved business parties.

Of course, none of this prevents the simplest and most common form of content theft by means the ubiquitous camcorder. However, both image and audio content can be uniquely marked in digital theatres such that camcordered content can be traced to the location of theft. This may not catch theft in progress, but it can identify patterns which can aid law enforcement officials. The ease by which such Forensic Marking can be applied is a benefit of digital cinema.

An area related to security is the logging of events. In particular, secure logging of events related to the use of security keys is important to content owners, who may wish to review such logs following forensic analysis of stolen content. More about security logs in our next topic.

Next: Back Office / Theatre Operations