To protect your film from unauthorized access and disclosure, Digital Cinema Packages (DCPs) can be encrypted. This encrypted DCP can be played only by recipients who received the key to the DCP (KDM). Each cinema receives exactly the same DCP, it must be encrypted only once.
The so-called Key Delivery Message is a small XML file (10 kilobytes) in which the key for a DCP is transmitted. While every film gets the same encrypted DCP, the KDMs between each receiver differ; only the actual recipient of a KDM can use it. KDMs also contain a validity period during which a playback is possible.
Structurally the DKDM (Distribution Key Delivery Message) is exactly identical with the KDM. The only difference is that a DKDM is issued for mastering systems. The distinction is made because mastering systems can be used for example to decrypt the film (while cinema servers only playback). Just like cinema mastering systems require the key to open the film. Also mastering systems have, just as cinema servers, one certificate that clearly identifies them and on which (D) KDMs can be issued.
These certificates contain a unique identification of playback and mastering systems - virtually the "identity card". By issuing KDMs on these certificates, this concept allows a targeted distribution of playing privileges or time range. In daily use the server certificates are identified by the manufacturer and the serial number of the player. kinofreund links certificates with cinemas, so that KDMs can be easily issued "on cinemas". This database is accessible to all users.