Key Delivery Message (KDM)


Definition

A Key Delivery Message (KDM) is an encrypted control file used in digital cinema systems to enable playback of encrypted Digital Cinema Packages (DCPs). It provides the keys required to decrypt the audio and video content on authorized playback systems.


Purpose

The KDM is used for access control and rights management:

  • Prevents unauthorized playback
  • Restricts usage to specific time windows
  • Binds content to specific playback devices

How It Works

Typical workflow:

  1. A DCP is created in encrypted form.
  2. Each cinema system has a unique certificate (public key).
  3. A KDM is generated for that certificate.
  4. The KDM contains:
    • Decryption keys (content keys)
    • Validity period
    • Target device (server certificate)
  5. The cinema server verifies:
    • KDM validity
    • Certificate match
  6. If valid, playback is enabled.

Technical Structure

A KDM is an XML-based file that is cryptographically signed and encrypted.

Component          Description
Content Keys       Keys used to decrypt media
Validity Window    Start and end time for playback
Device Binding     Target system (media block / server)
Signature          Digital signature for authentication

Security Mechanisms

  • Asymmetric encryption (Public Key Infrastructure, PKI)
  • Device-specific binding
  • Time restrictions
  • Digital signatures for integrity verification

These mechanisms ensure controlled and secure playback.

Types of KDMs

Type           Description
Standard KDM   For a specific cinema system
Multi-KDM      Covers multiple systems
Test KDM       Used for testing and previews

Practical Use

  • Distributors generate KDMs for individual cinemas
  • Typically delivered via email
  • Imported into the cinema server
  • Encrypted DCPs cannot be played without a valid KDM

Advantages

  • Strong protection against piracy
  • Flexible scheduling of screenings
  • Precise control over content usage

Disadvantages

  • Administrative overhead
  • Dependence on correct system certificates
  • Potential issues with time settings or certificate mismatches

Common Issues

  • Expired KDM
  • Incorrect target device (certificate mismatch)
  • Server clock misconfiguration
  • Corrupted or invalid file

Summary

The Key Delivery Message is a core component of digital cinema security. It enables controlled decryption of DCP content and ensures that films are only played on authorized systems within defined time frames.

  • An encrypted DCP can then only be played by specific recipients who have received the key for the DCP (KDM). Each cinema receives exactly the same DCP; it only needs to be encrypted once.
  • The so-called Key Delivery Message (KDM) is a small XML file (approx. 10 KB) in which the key for a DCP is transmitted. While each cinema receives the same encrypted DCP, the KDMs differ for each recipient; only the actual recipient of a KDM can make use of it. KDMs also include a validity period during which playback is possible.
  • In practice, KDMs are usually sent by email inside a .ZIP file, generally directly from the distributor to the respective cinemas. For our festival service, it is essential that the KDMs also reach us for review, at least in CC.
  • A Distribution Key Delivery Message (DKDM) is a KDM that is issued for mastering systems. Technically, however, it is no different from a normal KDM. The distinction in naming is made because mastering systems can be used to decrypt the film (whereas cinema servers can only play it). Just like cinemas, mastering systems need the key to open the film. Likewise, mastering systems—just like cinema servers—have a certificate that uniquely identifies them and for which (D)KDMs can be issued.
    • If a DCP is encrypted and we are supposed to make changes to it afterwards (e.g., add subtitles), then we absolutely need a DKDM for our Clipster mastering system. For this, a request must be made to the film production/distributor with our Clipster server certificate attached.
  • KDMs are always specific in the following three points:
    • CPL (exact version of the film within the DCP)
    • Time period (start and end, each given as a date and time, to the second)
    • Server (uniquely identified via server certificate, not transferable)

In other words, in our KDM service we check whether the correct KDM is available for your screening:

  • correct cinema / auditorium (server)
  • sufficient time window for test & screening
  • correct DCP for the film (specifically the OV or VF that corresponds to the target version)
  • If you receive KDMs, you can either forward them to us by email, or upload them directly in MyStudio under “KDM”
    • However, the KDM check only works once all films and screenings have been entered into MyStudio
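The issue-and-verify flow described under "How It Works", the checks behind the failures listed under "Common Issues", and the three points a KDM is specific to (CPL, time window, server) can be seen end to end in the following Go program. It is an added example written for this page, not code from the page or from any cinema vendor, and it uses a deliberately simplified KDM model: the XML element names (CPLId, RecipientThumbprint, NotValidBefore, NotValidAfter, EncryptedKey, Signature) are assumptions and not the SMPTE 430-1 schema, the server's RSA public key stands in for its device certificate, and the device binding is a SHA-256 thumbprint of that key rather than a certificate thumbprint. The content key and CPL identifiers are constructed sample values.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"encoding/xml"
	"errors"
	"fmt"
	"time"
)

// Simplified KDM for this example only; element names are assumptions, not the SMPTE 430-1 schema.
type KDM struct {
	CPLID          string    `xml:"CPLId"`               // exact CPL (film version) the key unlocks
	RecipientThumb string    `xml:"RecipientThumbprint"` // device binding: hash of the server's key
	NotBefore      time.Time `xml:"NotValidBefore"`      // validity window start (UTC)
	NotAfter       time.Time `xml:"NotValidAfter"`       // validity window end (UTC)
	EncryptedKey   string    `xml:"EncryptedKey"`        // hex of RSA-OAEP(content key) under the server key
	Signature      string    `xml:"Signature"`           // hex of the issuer's RSA-PSS over the fields above
}

// One sentinel per failure mode listed under "Common Issues".
var (
	ErrCorrupt       = errors.New("kdm: corrupted or invalid file")
	ErrBadSignature  = errors.New("kdm: signature does not verify against the trusted issuer")
	ErrWrongDevice   = errors.New("kdm: certificate mismatch, not issued for this server")
	ErrOutsideWindow = errors.New("kdm: outside validity window (expired, or server clock wrong)")
	ErrWrongCPL      = errors.New("kdm: issued for a different CPL")
)

// Thumbprint identifies one device: SHA-256 of its DER-encoded public key (stand-in for a cert thumbprint).
func Thumbprint(pub *rsa.PublicKey) string {
	der, _ := x509.MarshalPKIXPublicKey(pub)
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// signedBytes is the canonical form the signature covers: every field except Signature.
func signedBytes(k KDM) []byte {
	k.Signature = ""
	b, _ := xml.Marshal(k)
	return b
}

// IssueKDM is the distributor side: wrap the content key for exactly one server key,
// fix the CPL and validity window, and sign the result with the issuer's private key.
func IssueKDM(issuer *rsa.PrivateKey, serverPub *rsa.PublicKey, cplID string,
	contentKey []byte, notBefore, notAfter time.Time) ([]byte, error) {
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, contentKey, nil)
	if err != nil {
		return nil, err
	}
	k := KDM{CPLID: cplID, RecipientThumb: Thumbprint(serverPub), NotBefore: notBefore.UTC(),
		NotAfter: notAfter.UTC(), EncryptedKey: hex.EncodeToString(enc)}
	h := sha256.Sum256(signedBytes(k))
	sig, err := rsa.SignPSS(rand.Reader, issuer, crypto.SHA256, h[:], nil)
	if err != nil {
		return nil, err
	}
	k.Signature = hex.EncodeToString(sig)
	return xml.Marshal(k)
}

// OpenKDM is the server side, running the checks from "How It Works" in order:
// parse, verify the signature, match the device, check window and CPL, then unwrap the key.
func OpenKDM(doc []byte, issuerPub *rsa.PublicKey, serverKey *rsa.PrivateKey,
	cplID string, now time.Time) ([]byte, error) {
	var k KDM
	if err := xml.Unmarshal(doc, &k); err != nil {
		return nil, ErrCorrupt
	}
	sig, e1 := hex.DecodeString(k.Signature)
	enc, e2 := hex.DecodeString(k.EncryptedKey)
	if e1 != nil || e2 != nil {
		return nil, ErrCorrupt
	}
	h := sha256.Sum256(signedBytes(k))
	if rsa.VerifyPSS(issuerPub, crypto.SHA256, h[:], sig, nil) != nil {
		return nil, ErrBadSignature // tampered in transit, or not from the trusted issuer
	}
	if k.RecipientThumb != Thumbprint(&serverKey.PublicKey) {
		return nil, ErrWrongDevice
	}
	if now.Before(k.NotBefore) || now.After(k.NotAfter) {
		return nil, fmt.Errorf("%w: valid %s to %s, server clock %s", ErrOutsideWindow, k.NotBefore, k.NotAfter, now.UTC())
	}
	if k.CPLID != cplID {
		return nil, ErrWrongCPL
	}
	// Only the holder of the bound server's private key can unwrap the content key.
	return rsa.DecryptOAEP(sha256.New(), nil, serverKey, enc, nil)
}

func main() {
	issuer, _ := rsa.GenerateKey(rand.Reader, 2048)
	server, _ := rsa.GenerateKey(rand.Reader, 2048) // stands in for one cinema server's key pair
	start := time.Date(2025, 6, 1, 0, 0, 0, 0, time.UTC)
	doc, _ := IssueKDM(issuer, &server.PublicKey, "cpl-ov-v2", []byte("0123456789abcdef"), start, start.Add(48*time.Hour))
	_, err := OpenKDM(doc, &issuer.PublicKey, server, "cpl-ov-v2", start.Add(72*time.Hour))
	fmt.Println(err) // reports the window and the server clock, not a generic failure
}
```

The order of the checks matters for diagnosis: the signature is verified before anything else is trusted, so a tampered file is reported as a signature failure rather than as a certificate or window mismatch, and the window error carries both the KDM's window and the server's clock, which is what separates a genuinely expired KDM from a clock misconfiguration. Decryption happens last, so a KDM issued for another server is rejected by the thumbprint check without ever touching the private key.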