I read with interest a press release from Dolby titled "Dolby Digital Cinema Recommended for FIPS Level 3 Certification by InfoGard".  In it, they announce that Dolby's FIPS testing lab, Infogard, has submitted Dolby's FIPS 140 paperwork to NIST.

That, by itself, isn't all that interesting.  But I didn't understand why Dolby would be using advanced cryptography until I read this part of the press release:

The FIPS 140 specifications are designed to make sure products that are sold to the US Government meet some minimum standard for things like key hygiene. They were not designed to allow companies to prove that they had implemented Digital Rights Management (DRM) properly.

I poked around and found a document titled "Digital Cinema System Specification Version 1", dated April 12, 2007. It has a number of interesting sections, including requirements like:

• Secure integrated circuits used for Digital Cinema security applications shall be of the type designed to resist physical and logical attacks, and shall ensure that a physical attack destroys CSPs prior to exposure. Devices meeting the “secure silicon” level of protection shall only be required to meet FIPS 140-2 level 3 row (area) five: "physical security requirements.”
• The AES cipher, operating in CBC mode with a 128 bit key, shall be used for Digital Cinema content encryption.
• Digital Certificates are the means by which the Security Manager identifies other security devices, and is also used in establishing Transport Layer Security (TLS) connections.

While it seems quite logical for the motion picture industry to leverage existing rigorous testing processes to ensure all participants meet the same standards (instead of inventing their own), it was a bit of a surprise to me to learn that they were doing so to keep people from copying movies.