DCI agreed to a proposed solution by the SMPTE Study Group on NIST Revisions and DCI for solving the dual certificate issue. The method shown last month was under consideration, but the proposal that’s moving forward is simpler with less impact. Rather than impose a change in the way KDMs are made, the accepted method simply records hashes of the two certificates, called thumbprints, in the Security Log report.
As you may recall, NIST rules are changing to now require newly approved media blocks to be designed with two certificates: one for use in decrypting the KDM, and a new certificate for use in creating secure TLS connections over Ethernet (typically to projectors) and for signing Security Logs. The method selected within SMPTE and by DCI will require no change in the manner in which KDMs are created and used. In fact, there is no impact on operation of equipment that is already FIPS-approved. However, where dual certificates are implemented, there is a requirement that Security Logs be generated and collected. If one thought that the expiration of the VPF payment period would lead to relaxed behavior on the part of studios regarding collection of security logs, this could change that.
The dual certificate change will be required in all media blocks that require re-approval (due to other design changes), or new media block designs that require a new approval. The chosen method for managing dual certificates is illustrated below:
More NIST-invoked changes are to come. The SHA-1 hash algorithm used in digital cinema digital signatures will be replaced with the newer and stronger SHA-256 algorithm. The mechanics of dealing with this change in the field have yet to be discussed. Assuming the change is required within the secure FIPS boundary, this could involve much more than a software upgrade in some media blocks. Modifications were made this month in draft versions of SMPTE documents to enact the change.
The third and last of the changes that will be caused by NIST is the DCI-specified random number generator used in generating encryption keys for content. This change will affect mastering houses, but not cinemas.