• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer

mkpeReport

top analysis covering digital cinema, 3-D, HFR, and laser illumination

  • Reports
  • About
  • mkpe.com
  • cinepedia.com

DCI’s Next Steps with NIST

February 2011 by Michael Karagosian

DCI agreed to a proposed solution by the SMPTE Study Group on NIST Revisions and DCI for solving the dual certificate issue. The method shown last month was under consideration, but the proposal that’s moving forward is simpler with less impact. Rather than impose a change in the way KDMs are made, the accepted method simply records hashes of the two certificates, called thumbprints, in the Security Log report.

As you may recall, NIST rules are changing to now require newly approved media blocks to be designed with two certificates: one for use in decrypting the KDM, and a new certificate for use in creating secure TLS connections over Ethernet (typically to projectors) and for signing Security Logs. The method selected within SMPTE and by DCI will require no change in the manner in which KDMs are created and used. In fact, there is no impact on operation of equipment that is already FIPS-approved. However, where dual certificates are implemented, there is a requirement that Security Logs be generated and collected. If one thought that the expiration of the VPF payment period would lead to relaxed behavior on the part of studios regarding collection of security logs, this could change that.

The dual certificate change will be required in all media blocks that require re-approval (due to other design changes), or new media block designs that require a new approval. The chosen method for managing dual certificates is illustrated below:

dual-cert-media-block-sm
More NIST-invoked changes are to come. The SHA-1 hash algorithm used in digital cinema digital signatures will be replaced with the newer and stronger SHA-256 algorithm. The mechanics of dealing with this change in the field have yet to be discussed. Assuming the change is required within the secure FIPS boundary, this could involve much more than a software upgrade in some media blocks. Modifications were made this month in draft versions of SMPTE documents to enact the change.

The third and last of the changes that will be caused by NIST is the DCI-specified random number generator used in generating encryption keys for content. This change will affect mastering houses, but not cinemas.

Filed Under: Servers and IMBs, Technical Bodies, Trade Organizations and Shows Tagged With: DCI, NIST, SMPTE

Primary Sidebar

Search

Topics

  • 3-D
  • Accessibility
  • Alt Content & Advertising
  • Anti-Piracy
  • Color
  • Communications
  • Deployment Entities
  • Distributors
  • Exhibitors
  • Fulfillment
  • High Dynamic Range
  • Higher Frame Rates
  • Installations
  • Patents
  • Projectors
  • Servers and IMBs
  • Sound
  • Technical Bodies
  • Theatre Management Systems
  • Trade Organizations and Shows

Full Archives

a publication of
MKPE Consulting LLC

Footer

Important Stuff

  • About
  • Privacy Policy

Archives

  • Category & Monthly Archives
Archives date back to 2008.

MKPE

mkpeReport is a publication of MKPE, a world-class consultancy building business at the crossroads of cinema and technology.
Learn more about MKPE.

copyright © 2008 - 2022 mkpe consulting llc

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of all cookies.
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
Powered by CookieYes Logo