Film-Tech Cinema Systems
Film-Tech Forum ARCHIVE


  

 
This topic comprises 2 pages: 1  2 
 
Author Topic: How to request certs for KDM generation
Jonathan Seaman
Film Handler

Posts: 13
From: Norwich, Norfolk, UK
Registered: Mar 2011


 - posted 02-13-2017 11:14 AM
Hi all,

Firstly apologies if this is not the place to post it or if this has already been answered. I did a search and couldn't find what I was looking for.

Myself and a friend are starting up a business where we generate DCPs and we are offering the option of Encrypted DCPs and KDMs. I work in a cinema and know how the system works but I am not sure of where we can obtain the certs for KDM generation.

I know here in the UK the DCP/KDM generators such as Deluxe request the serial number of the server/IMB along with the make and model of the server/projector from the cinema; however, I do not know where they go with this information to obtain our KDM certs, as I, as the chief technician/projectionist at a cinema, have never had to provide them with a copy of the cert from the Sony 4Ks we have installed.

Does anyone know if there is a central database for this information or know how to go about contacting the relevant people to obtain this information, as it will so greatly help us with our new business?

Many thanks in advance.
Jonny


Carsten Kurz
Film God

Posts: 4340
From: Cologne, NRW, Germany
Registered: Aug 2009


 - posted 02-13-2017 11:36 AM
All the Mastering/KDM service companies consider their cert/site databases as business secrets. There is no general database available. Keeping this information up-to-date, even for a specific geographic region only, means quite some work.

Some manufacturers supply a serial-number/certificate reference upon request, some offer a web or FTP interface. The Dolby/Doremi cert download site covers many servers of the Dolby and Doremi brands:

http://www.dolbycustomer.com/cinema/Certificates

Some servers allow you to download the certificate from the unit itself to a USB stick or connected PC. But that means you need to contact every individual cinema for a request and hope they get it right for all their screens.

http://www.film-tech.com/ubb/f16/t002905.html

- Carsten


Dave Macaulay
Film God

Posts: 2321
From: Toronto, Canada
Registered: Apr 2001


 - posted 02-13-2017 09:52 PM
The distributors send out a data request form when a cinema is built or converted and needs a feature KDM.
They request a lot of information but the basic info required is the site's email address and their server brand/model plus media block serial number. Some other info is needed to get the right KDM generated - the CPL and thus its KDM will be different for things like 5.1 vs 7.1, D-BOX, Atmos, different language audio or subtitles, etc.
With that they get the certificates from the server manufacturer as they need them, and keep them on file.
Doremi and Barco have the server certificate files online: probably Dolby, NEC, GDC, Christie, Sony etc. also do. That saves having to pay someone to handle cert requests.
I suggest asking for your client cinemas' server brand, model, and SM serial #. Contact the manufacturers' tech support and ask how to get the certificates to make a KDM. I expect they will give you a login for their cert FTP or web repository. There aren't that many server manufacturers so pretty soon you should have access to all the certs you may need.


Leo Enticknap
Film God

Posts: 7474
From: Loma Linda, CA
Registered: Jul 2000


 - posted 02-13-2017 11:10 PM
You will need the media block certs provided for every screening venue. You could keep them on your system, but given that venues can and do change media blocks, I would at least ask for confirmation that there hasn't been any change before every KDM issue.

As someone who also does a little bit of DCP making for third party venues, be prepared for a world of pain when it comes to encryption. Problems you may well encounter are:

"Media block cert? What's that?" from multiplex staff who have never had to provide one, or even know what it is, because all the DCPs they get come from Deluxe, who have had their .PEMs in their database since the beginning of (digital cinema) time.

Because the theater staff don't know what they're doing, they give you the wrong cert. For example, they're using a DSS200 with a cat745 IMB, but accidentally give you the serial number for the built-in cat862, which is not in use, because that's the easiest to find serial # sticker, in the most obvious place. They may also give you the server's chassis serial number rather than the media block or IMB serial.

If you will be doing jobs for customers in different time zones, be very careful of open/close times for KDMs.

Be prepared for panic calls and emails 24/7, expecting a response within minutes, if a KDM doesn't work, and/or they decide they want it open earlier or later for some last minute reason. If you can't provide that sort of response, agree with the customer in advance when you will be available to respond to queries and in what turnaround time and how much you will charge for this ongoing service.

Whenever anyone asks me to make a DCP for them, whether it's for screening in one of our venues or some place else, I always advise against encryption unless they have a very good reason for encrypting. Remember, that when you make an unencrypted DCP, as soon as you've handed over the drive(s), the job is done and you walk away (unless you have agreed to store the DCP and keep it available to make further copies for a set period, which, if it were me, I'd charge extra for). If you've encrypted it, however, you're going to have to be available to make and troubleshoot KDMs for it, as long as it's in circulation.


Jonathan Seaman
Film Handler

Posts: 13
From: Norwich, Norfolk, UK
Registered: Mar 2011


 - posted 02-16-2017 11:28 AM
Thanks for your replies, guys; they have been very useful to read.

I think my business partner and I will offer the Encrypted DCP and KDM service but be very specific about our hours of operation with regard to support. We will be looking into an emergency auto generation system or something along those lines as well to see if it is viable.

With regard to the obtaining of the certs, I think we are likely to go down the route that if a KDM is required then we will ask for exhibitor details when taking the job on so that we can contact the cinemas directly to be able to obtain their certs direct from manufacturer.

Many Thanks
J


Lars Goldschlager
Film Handler

Posts: 16
From: Caracas, Distrito Capital, Venezuela
Registered: Jan 2015


 - posted 02-16-2017 02:06 PM
Two pieces of advice from someone in the third world who deals with encrypted DCPs and unknowledgeable people:

1) Be ready to be called at night, 15 minutes before a very important show they forgot to warn you about because "They forgot the DCP was encrypted" to quickly make a key, whatever the stipulations for working hours you add.

2) Don't try to make (and convince the client that it's useless to make) "perfect fit" showing windows. Exhibitions sometimes start late, or get derailed, and projectionists or producers sometimes need or want to test the DCP before the exhibition. Making the KDM open the DCP 10 minutes before the show, and close on the exact same moment the showing ends can lead to disaster. At the least work in 24 hour increments (full days) and it's normally good to have a one or better two day window before the showing for testing purposes.


Paul H. Rayton
Expert Film Handler

Posts: 210
From: Los Angeles, CA , USA
Registered: Aug 2003


 - posted 02-16-2017 02:23 PM
I'll expand on Lars' message, which came in while I was writing essentially similar advice. Specifically:

If I may humbly offer a slightly contrarian direction ... I'd like to suggest that you, in your business, strongly suggest to your clients that they NOT bother with encryption at all. Firstly, encrypting shows doesn't really save any money, because in these days of the internet, any significant "unlicensed" shows are fairly simple to track down. Secondly, having to deal with KDMs becomes a lifelong job (at least as long as the show is in any circulation). While you plan to proactively ask your clients to obtain the necessary certs for you before you really get started in the full details of rendering their DCP, that's easier said than done. What about the second-run cinemas, who they never thought about as potential location(s) for a screening? What about that obscure film festival in some distant land that suddenly wants to program the show, and no one knows how to contact the organizers to get the appropriate tech information in a hurry? And finally, it just results in so much extra hassle for you, esp. since you don't plan to be a 24-hour source of such info.

Having been involved with numerous film festivals involving DCPs, I think there is almost nothing in exhibition these days that is more vexing and more troublesome than the issue of incorrect KDMs. There seem to be dozens of ways they can go wrong: 1) Time zone differences between the mastering location and the exhibition location. 1a) Daylight (Summer) time clock changes. 2) Clock of playback server drifting a few minutes, just enough so that -- oops! -- the show now becomes "illegal" and won't start. 3) Extremely minor changes (such as a change in a subtitle word spelling) that result in a new "version", but the KDM makers are unaware of it in time, so the show won't play because the version CPL(s) don't match. 4) Festival installs different (better) equipment than is normally on duty in the venue, so all existing venue certificate information is useless. 5) 3D vs. 2D version(s). 6) Various audio configurations.

The list could go on and on. There have been some very high profile shows that failed to play due to issues with "keys", and I know of at least one that then had to be played via a Blu-ray, as an emergency backup mode. All because of troubles with KDMs. At our venues in L.A., I can't even begin to count the number of times we've had frantic, last-minute experiences with incorrect KDMs (and attempting to obtain new ones) due to errors of one sort or another. In particular, certain distributors who are not 24-hour operations cause huge difficulties. More than once we've woken people up in the middle of the night (possibly accidentally, but that phone number was provided to us by someone!), an unintended consequence of such KDM follies.

So, you'll be doing yourself and your clients a favor if you strongly recommend that they not bother with encrypted modes for 99% of your content. Unless they're doing the newest "Star Wars" show, or something that truly needs restricting such as documentation of new patent mechanisms or medical processes, etc., it's a pointless exercise.

That's my takeaway after years at the receiving end of dealing with these issues. Just make 'em unencrypted [open] DCPs, and be done with it! Projectionists around the world will be thanking you for years!


Frank Cox
Film God

Posts: 2234
From: Melville Saskatchewan Canada
Registered: Apr 2011


 - posted 02-16-2017 03:46 PM
My GDC server has been running 40 minutes fast for a few years. A key that's programmed to open at 1pm will allow me to start playing it at 1:40pm.

Though I've asked the techs to have this fixed a few times, nobody seems to see this as being much of a problem so I suppose it will continue this way "forever". But know that you can't count on anything close to accurate when it comes to cinema server times.

 |  IP: Logged
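The window advice in the posts above (work in whole days, leave a day or two for testing, do not trust the server clock) can be checked numerically. This is an added example, not code from any poster or from a KDM tool; the show time, runtime, venue UTC offset, and the rule that the server tests its own clock only at the moment playback starts are assumptions made for illustration.

```python
from datetime import datetime, time, timedelta, timezone

UTC = timezone.utc

def tight_window(start_local, runtime, lead=timedelta(minutes=10)):
    """'Perfect fit' window: opens shortly before the show, closes as it ends."""
    start = start_local.astimezone(UTC)
    return start - lead, start + runtime

def padded_window(start_local, runtime, test_days=2):
    """Whole venue-local days, opening test_days early for test runs.

    start_local must be timezone-aware in the venue's zone; a
    zoneinfo.ZoneInfo works here too and handles daylight-saving changes.
    """
    tz = start_local.tzinfo
    end_local = (start_local.astimezone(UTC) + runtime).astimezone(tz)
    opens = datetime.combine(start_local.date() - timedelta(days=test_days),
                             time.min, tzinfo=tz)
    closes = datetime.combine(end_local.date() + timedelta(days=1),
                              time.min, tzinfo=tz)
    return opens.astimezone(UTC), closes.astimezone(UTC)

def can_start(window, true_time, server_offset=timedelta(0)):
    """Assumed model: the server compares its own clock (true time plus its
    error) against the window at the moment playback is started."""
    opens, closes = window
    server_clock = true_time.astimezone(UTC) + server_offset
    return opens <= server_clock < closes

# Constructed sample: 19:30 show at a venue on UTC-8, 2 h 05 min feature.
VENUE_TZ = timezone(timedelta(hours=-8))
SHOW_START = datetime(2017, 2, 25, 19, 30, tzinfo=VENUE_TZ)
RUNTIME = timedelta(hours=2, minutes=5)

# (label, real-world start time, server clock error)
SCENARIOS = [
    ("on time, clock accurate", SHOW_START, timedelta(0)),
    ("on time, server clock 40 min behind", SHOW_START, timedelta(minutes=-40)),
    ("90 min late, server clock 40 min ahead",
     SHOW_START + timedelta(minutes=90), timedelta(minutes=40)),
    ("test run the evening before", SHOW_START - timedelta(days=1), timedelta(0)),
]

def compare():
    """Return {label: (tight_ok, padded_ok)} for every scenario."""
    tight = tight_window(SHOW_START, RUNTIME)
    padded = padded_window(SHOW_START, RUNTIME)
    return {label: (can_start(tight, t, off), can_start(padded, t, off))
            for label, t, off in SCENARIOS}

if __name__ == "__main__":
    for label, (tight_ok, padded_ok) in compare().items():
        print(f"{label:42} tight={tight_ok!s:5} padded={padded_ok}")
```

Only the first scenario plays with the tight window; all four play with the padded one, which is the margin that absorbs clock error in either direction.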

Stephan Shelley
Jedi Master Film Handler

Posts: 854
From: castro valley, CA, usa
Registered: Nov 2014


 - posted 02-16-2017 04:29 PM
Frank, call GDC tech support and have a way for them to remote into the server online. TeamViewer works. They can log in and correct the time.


Jonathan Seaman
Film Handler

Posts: 13
From: Norwich, Norfolk, UK
Registered: Mar 2011


 - posted 02-16-2017 04:58 PM
Thanks for your advice, guys.

I know of the frustrations you are talking about as I am the chief projectionist/technician for a cinema here in the UK. We know of the problems and frustrations KDMs and encrypted DCPs can cause. We have faced problems where a distributor had outdated information about our projection equipment so had generated KDMs that did not match our current Sony 4Ks. We have also had to wait to get emergency keys generated for us due to distributors not sending out the requests for new KDMs.

We plan on taking all of my experiences of working in a cinema and using them to our advantage to enable us to provide a better service to our customers, as we will have very clear and detailed knowledge from within the industry itself.

We are going to offer it as a service but not actively encourage customers/clients to get their DCPs encrypted. We are looking down this route though to ensure we are able to offer this service for customers should they wish to purchase it.


Leslie Hartmier
Expert Film Handler

Posts: 100
From: Edmonton, Alberta, Canada
Registered: Jul 2012


 - posted 02-21-2017 09:47 PM
Hmm... well, if your content server is running 40 minutes fast, that would mean that you do not use NTP to control the time.

If it was an hour, then it could be a time zone issue, but 40 minutes could also mean you're actually in the wrong timezone and not using NTP (meaning you're possibly only 20 minutes out).

Nevertheless, you can:
1) have GDC log in to fix it,
2) you can activate the NTP, or,
3) if your content server is at 7.83 firmware, you can arrange (or if you have the skills, do it yourself) to update the server to 8.00 build 256, (as long as your IMB is not one of the ones with the faulty ADSP), as going from 7.83 to 8.xx allows you to set the time ONCE to just about anything - I assume you're already on 8.x, for DCI compliance though, so that might not be an option.

Me, I'd use the NTP thing, since you can just set it and forget it, but you might have your own preference.

Leslie


Frank Cox
Film God

Posts: 2234
From: Melville Saskatchewan Canada
Registered: Apr 2011


 - posted 02-21-2017 09:50 PM
My projector and server are not on the Internet; they are networked to nothing other than themselves.


Steve Guttag
We forgot the crackers Gromit!!!

Posts: 12814
From: Annapolis, MD
Registered: Dec 1999


 - posted 02-22-2017 06:34 AM
Do you have a computer that is on the internet? Is it also on the same network as the server (or can you add a NIC to put it on the same network)? If so, you can set a local computer to act as an NTP source.


Leslie Hartmier
Expert Film Handler

Posts: 100
From: Edmonton, Alberta, Canada
Registered: Jul 2012


 - posted 02-22-2017 11:03 AM
GDC supplies a document on how to use a Windows machine as an NTP server. We use the manager's computer as an NTP server at one of our locations.

Leslie


Frank Cox
Film God

Posts: 2234
From: Melville Saskatchewan Canada
Registered: Apr 2011


 - posted 02-22-2017 03:15 PM
My projector and cinema server have never been connected to the Internet-at-large. There is a router in the base of the unit that connects the server and the projector together, and that's it.

Nobody has ever suggested putting it on the Internet prior to right now, but I've actually always thought that keeping it isolated was a reasonably good idea anyway since the server runs on Fedora Core 5 which has been EOL with no security updates from Red Hat for the past ten years. I don't think there ever was an actual decision made about putting it on the Internet -- it was just hooked up this way when it was first installed and never changed since.

I have an Internet service in the theatre and could get a network connection to it without too much difficulty by purchasing a 40-foot or so ethernet cable. There is apparently a second unused network card in the GDC server since it complains about that every time that it boots up. As far as I know the cinema stuff is networked as 192.168.1.XXX. My theatre network that I use for everything else (including the Internet) is set up as 192.168.0.XXX.




All times are Central (GMT -6:00)

© 1999-2020 Film-Tech Cinema Systems, LLC. All rights reserved.