ISDCF didn’t meet this month, but work behind the scenes on Trusted Device List (TDL) began to take shape as various proponents took steps to move the discussion forward.
Industry-wide, competitive security key management, of which TDL management is one part, relies upon a few factors that don’t exist today: the ability for competitive entities to identify a theatre using a global ID, and the ability to package and deliver the data using shared methods. For the latter, SMPTE does have the standardized Facility List Message (FLM), but the means to carry it and Key Delivery Messages (KDMs) over networks has yet to be standardized. Recognizing this need, ISDCF has had a task group for a year now developing what is called the Cinema Control Message, or CCM. While not brilliantly named, it’s designed to perform as an envelope for FLMs and KDMs.
The theatre identifier has a few requirements. Ideally, we will create technology that enables multiple business models. In this regard, the theatre identifier must be managed by only one entity, but that entity might not always be the exhibitor.
The form of the identifier generally agreed to within the small circle of developers was first proposed by MKPE through NATO as a combination of names. The first name is globally unique, which means that no one anywhere in the world will be able to claim an identifier already in use. This is most easily accomplished by using internet domain names. The second part is defined by the “name manager,” i.e., the business entity that manages the ID. The name manager could be Deluxe, as an example, should one or more exhibitors be willing to hire Deluxe to perform this role, most likely in combination with services related to security key delivery. In such a case, one ends up with a unique name that looks like this:
The text “urn:x-facility” puts the identifier into a standardized form according to worldwide data management practice. According to the convention that would be set up by the cinema industry, Joe’s Cinema is the name of the circuit, and Denver 16 is the name of the complex. Because ByDeluxe.com (the domain name used by Deluxe) precedes this identifier, everyone knows that Deluxe is the name manager and can provide authoritative information about this complex. Had RegalCinemas.com been the first name in the identifier string, then it would be known that Regal is the name manager and the authority behind the name.
Fox, which does not participate in SMPTE and is a rare participant in ISDCF, is proposing a different set of solutions. They have proposed an early workaround adopted by Cinedigm, at a time when there were no standards. In this workaround, Cinedigm uses a random naming method called Universally Unique Identifiers, or UUID, to identify screens. An example of a UUID:
This scheme only works as long as Cinedigm is the name manager. Once two name managing entities begin to use the UUID, chaos begins. There is no way to know who the authority is behind the name.
A simple 3-step proposal has been made to move forward with productive key management methods:
1) Socialize among exhibitors a manual process for communicating digital certificate information to those who need it to produce security keys.
2) Require server manufacturers to produce software tools for generating FLMs in a complex. (These could be emailed by the exhibitor to others.)
3) Implement the CCM to handle the movement of both KDMs and FLMs between business parties.
ISDCF meets the Wednesday of the first week of September, with a preliminary meeting on TDL to be held Tuesday morning. Progress will be detailed in next month’s report.