TMS KDM Manager – File Upload

The KDM File Upload tab is where decryption keys (KDMs) are added into the TMS for distribution to the LMS and playback servers. It supports bulk uploads, drag-and-drop actions, and screen-targeted distribution for secure DCP playback.


🖥️ Interface Overview #

ElementDescription
Drag & Drop / File Select AreaUpload .xml KDM files by dragging them here or clicking to select
Upload AllTrigger LMS and Screen ingest for all files in queue
Clean LogsClears the upload history display (does not delete actual files)
UUIDUnique identifier of the KDM
Ingest LMSStatus of ingesting to central storage (LMS)
Upload to ScreenRetry button to push KDM to screen if it previously failed
Ingest ScreenStatus of ingest into target screen’s server (IMB/DSP)

📂 How It Works #

  1. Upload the File:
    • Drag and drop .xml KDM files
    • Or click Click to Select File to browse locally
  2. Auto Detection:
    • The TMS parses each file to identify which Screen it belongs to
    • It will ingest to LMS first, then the corresponding Screen
  3. Retry Uploads:
    • If screen was offline or projector IMB powered off, use the Upload button to retry
  4. Auto Push When Online:
    • If a required KDM is already in LMS, it will automatically be pushed to the screen when it comes online and a scheduled session needs it

🔐 KDM Handling in TMS: Accepted vs. Blocked Types #

The TMS employs intelligent filtering to ensure only valid and compatible KDMs are ingested, thereby preventing playback issues caused by incompatible or redundant keys.

✅ Accepted KDMs #

SMPTE KDMs utilizing SHA-256 certificates are the industry standard for modern digital cinema systems. These KDMs are compatible with JPEG 2000 DCPs and are recommended for their enhanced security and compatibility.

Example Filename:

KDM_TelagaSuriramFinal_FTR_S-239_MSA-EN_MY_51_2K_FP_20250422_FP_SMPTE_VF@ims-xxx.cert.sha256.pem.kdm.xml

Example KDM’s that is accepted – Consist of cert.sha256

Key Characteristics:

  • Conform to SMPTE ST 430-2 standards.
  • Use SHA-256 hashing algorithms.
  • Target specific IMBs (e.g., @ims-xxx).
  • Ensure secure and reliable playback.

⛔ Blocked KDMs #

KDMs using SHA-1 (also referred to as MPEG or Interop KDMs) are considered obsolete and are automatically blocked by the TMS to prevent potential playback conflicts

Example Filenames:

...@imb-xxx.chain.mpeg.pem.kdm.xml
...@imb-xxx.chain.sms.pem.kdm.xml
...@imb-xxx.cert.sms.pem.kdm.xml

In this example, the cert.sms , chain.mpeg, chain. sha256, chain.sms will be blocked by the TMS. It will accept the cert.mpeg and cert.sha256 KDM’s the rest will fail.

Reasons for Blocking:

  • SHA-1 is now considered insecure and deprecated.
  • MPEG/Interop KDMs are incompatible with modern JPEG 2000 DCPs.
  • Ingesting multiple KDM types can cause conflicts within the IMB, leading to playback errors.

📊 KDM Compatibility Diagram #

The following diagram illustrates the compatibility of different KDM types with modern digital cinema systems:

+----------------------+----------------------+----------------------+
| KDM Type | Certificate Type | Compatibility |
+----------------------+----------------------+----------------------+
| SMPTE KDM | SHA-256 | ✅ Accepted |
| Interop KDM | SHA-1 (MPEG) | ❌ Blocked |
| SMS KDM | SMS Certificates | ❌ Blocked |

| SMPTE Chain KDM | SHA-256 Chain | ❌ Blocked |
| Interop Chain KDM | SHA-1 (MPEG) | ❌ Blocked |
| SMS Chain KDM | SMS Chain | ❌ Blocked |
+----------------------+----------------------+----------------------+

⚠️ Important Notes #

  • SHA-256/SMPTE KDMs are used by all modern digital cinema servers.
  • Avoid uploading SHA-1/MPEG/Interop KDMs to prevent playback issues.
  • The TMS will automatically ingest valid KDMs into the LMS and attempt to distribute them to the appropriate screens.
  • If a screen is offline or its IMB is powered off, the TMS will queue the KDM and automatically ingest it once the screen becomes available

What are your feelings

Updated on May 7, 2025