DCI Specs - Digital Cinema Initiatives

More documents

Recommendations

Info

9.4.2.3. Media Blocks (MBs)The term Media Block 19 (MB) has been used by the Digital Cinema industry in a numberof ways. In this Section 9 SECURITY, it has a very narrow scope: An MB is an SPB thatperforms essence decryption, i.e., it contains at least one MD. Other SE functions mayalso be present within a MB SPB, as described below:• Image Media Block (IMB) – The Image Media Block (IMB) is a type of SecureProcessing Block (SPB) that shall contain a Security Manager (SM), Image,Audio and Subtitle Media Decryptors (MD), image decoder, Image and AudioForensic Marking (FM) and optionally Link Encryptor (LE) functions. The IMB SMis responsible for security for a single auditorium, and it authenticates other SPBsthat are required to participate in showings. Other such SPBs are referred to asremote or external SPBs.• Remote Media Block – A remote Media Block is a remote SPB that containsother types of MDs, such as those used for audio or subtitles, but does notcontain an SM. Remote Media Blocks shall not be used in DCI compliantsystems.9.4.2.4. Security Manager (SM)The SM controls Security Data and content access in a manner consistent with thepolicies agreed upon by the Stakeholders who rely upon it. There is one SM for eachauditorium, and it shall be contained within the IMB. The Rights Owners (Distribution)shall share this SM for their security needs.Security Manager functions shall conform to the requirements as given in Section 9.4.3.5Functions of the Security Manager (SM) and Section 9.6.1 Digital Rights Management.The Security Manager is a self-contained system with an embedded processor and realtimeoperating system. SM functions shall not be implemented outside of the secureenvironment of the Image Media Block (IMB) SPB.The Security Manager is a self-contained processor running a real-time operatingsystem. The operating environment shall be limited to the FIPS 140-2 limited operationalenvironment category (Section 9.5.2.5 FIPS 140-2 Requirements for Type 1 SecureProcessing Blocks), meaning that the SM’s operation shall not be modifiable in the field.The only security communication with systems (processors) external to the SM’s SPBshall be by Transport Layer Security (TLS) over a network interface per Section 9.4.5.1Transport Layer Security Sessions, End Points and Intra-Theater Messaging. Thepreferred real time operating system would use the National Security Agency (NSA)kernel and would be specifically designed for secure operations.. The Security Managersoftware shall use all appropriate security features of the operating system.Security Manager software changes and upgrade requirements are given in Section9.5.2.7 SPB Firmware Modifications.9.4.2.5. Screen Management System (SMS)Theater management controls auditorium security operations through the ScreenManagement System (SMS). Because the SMS interacts and communicates directly19 In Section 7 THEATER SYSTEMS Media Blocks are also discussed. The terminology used there is not strictly securityfocused, because other important equipment requirements such as storage and server functions are discussed. Dependingupon a particular design, server functions may well be part of what is in a MB, when viewed in its entirety. Since othersuch functions are invisible to security, they need not be discussed within the security arena, and are not addressed in thissecurity chapter.DCI Digital Cinema System Specification v.1.2 Page 102
with the security system, it is also considered to be part of the Security Entity (SE) 20 . TheSM responds to the directives that Theater Management System (TMS) issues via theSMS. For purposes of simplicity, and subject to the TMS constraint below, thisspecification uses the term SMS to mean either/both Theater Management System(TMS) or Screen Management System (SMS). From the security system perspective,SMS functions are those associated with “category 1” Intra-Theater Messages of Table15: Intra-theater Message (ITM) Request-Response Pairs (RRP).SMS Requirements:• The SMS shall carry a DCI compliant digital certificate (see Section 9.5.1) toidentify the SMS entity to the SM. The SMS certificate shall indicate only theSMS role unless the SMS is contained within a SPB meeting the protectionrequirements for any other designated roles.• The SMS digital certificate may be permanent to the SMS, or “operatorcertificates” may be assigned to designated personnel (e.g., using a dongle,smart card, etc.) for association with the SMS.• In the event that Exhibition command and control designs include the TMS as adevice that interfaces with the SMs, such a TMS shall be viewed by the securitysystem as an SMS, and it shall carry a digital certificate and follow all other SMSbehavior, Transport Layer Security (TLS) and Intra-Theater Message (ITM)communications requirements.• Identification of the SMS operator for purposes of the “AuthorityID” field (seeSection 9.4.5.2.4) shall be by:• Certificate thumbprint, where “operator certificates” are used, or• Username/password or the like, as specified by exhibition management.SM interaction with the SMS 21 is normatively defined (see Section 9.4.3.5 Functions ofthe Security Manager (SM)). These include the requirements that:• The SM provides log records identifying the SMS for which it operates, as wellas the AuthorityID field. In the case where “operator certificates” are used, thisinformation is the same (i.e., the digital certificate thumbprint).9.4.2.6. Projection SystemsFrom the security perspective, a projection system consists of the projector type 2Secure Processing Block (SPB) and its “companion” SPB, which will be either the LinkDecryptor Block (LDB) or Image Media Block (IMB). A critical security issue is assuringthat the clear text image output of the LDB or IMB goes to a legitimate projection device.Therefore Section 9.4.3.6.1 Normative Requirements: Projector Secure ProcessingBlock defines a “marriage” process with the companion SPB. The marriage, inconjunction with the Trusted Device List (TDL) and TLS-based authentication of thecompanion and projector SPBs, addresses the legitimate projector security issue.The purpose of the marriage is to have a human authority figure supervise theinstallation of a projection system to assure the physical connection of the two SPBs,20 The Screen Management System (SMS) is part of the Security Entity (SE) but is not a secure device.21 SMS-to-SM Intra-Theater Message (ITM) commands (see Section 9.4.5.3.1 Screen Management System to SecurityManager Messages)include means to carry SMS operator identification via the “AuthorityID” field. The specificoperational policies used at exhibition that surround operator identification, empowerment or enforcement are outside thescope of this specification.DCI Digital Cinema System Specification v.1.2 Page 103
Page 1 and 2:
Digital Cinema Initiatives, LLCDigi
Page 3 and 4:
Table of Contents1. OVERVIEW 151.1.
Page 5 and 6:
5.2.2. Packaging Fundamental Requir
Page 8 and 9:
7.5.5.1. Introduction..............
Page 10 and 11:
9.4.2.5. Screen Management System (
Page 12 and 13:
Table of FiguresFigure 1: System Ov
Page 14 and 15:
THIS PAGE LEFT BLANK INTENTIONALLYD
Page 16 and 17:
equirements for encrypting the esse
Page 18 and 19:
• This document specifies a basel
Page 20 and 21:
DCI Digital Cinema System Specifica
Page 22 and 23:
2.1.1. Major System Concepts2.1.1.1
Page 24 and 25:
2.1.1.8. ReelsFeature films have be
Page 26 and 27:
Metadata within the DCDM provides a
Page 28 and 29:
3.2.1.6. Transfer FunctionThe CIE X
Page 30 and 31:
The information, as shown in Table
Page 32 and 33:
AES Pair#/Ch# Channel # Label / Nam
Page 34 and 35:
3.3.4. File Format3.3.4.1. GeneralT
Page 36 and 37:
3.4.3. Timed Text Concepts and Requ
Page 38 and 39:
Page 40 and 41:
• All decoders shall decode each
Page 42 and 43:
Page 44 and 45:
5.2.2.3. InteroperableThe Packaging
Page 46 and 47:
Figure 6: Example Show PlaylistThe
Page 48 and 49:
Length (Value Length), followed by
Page 50 and 51:
which it was stopped or paused. It
Page 52 and 53: 5.3.4.2. Frame BoundariesThe Audio
Page 54 and 55: • Rating• Aspect Ratio• Image
Page 56 and 57: • Annotation Text parameter (opti
Page 58 and 59: THIS PAGE LEFT BLANK INTENTIONALLYD
Page 60 and 61: 7.2.3.1. ReliabilityA key part of t
Page 62 and 63: • Country• Rating• Aspect Rat
Page 64 and 65: facility, while the system is in op
Page 66 and 67: Exhibitor and the Distributor, data
Page 68 and 69: 7.5.2.2. Ingest InterfacesExcept fo
Page 70 and 71: (channels) * hours * 60 min/hour *
Page 72 and 73: 7.5.4.2.4. UnpackagingAny packaged
Page 74 and 75: 7.5.6. Audio System7.5.6.1. Introdu
Page 76 and 77: made up of Theater System devices a
Page 78 and 79: DCI Digital Cinema System Specifica
Page 80 and 81: 8.2.2.3. Alternative ContentThe pro
Page 82 and 83: With the projector turned off or wi
Page 84 and 85: Image ParametersNominal(Projected I
Page 86 and 87: Input Code Values Output Chromatici
Page 88 and 89: 8.4. Projector Interfaces8.4.1. Int
Page 90 and 91: • Lens Shift Up / Down• Lamp Mo
Page 92 and 93: • Essence Encryption and Cryptogr
Page 94 and 95: content keys and Trusted Device Lis
Page 96 and 97: Figure 14: Digital Cinema Security
Page 98 and 99: Figure 15 presents the two fundamen
Page 100 and 101: DCI Digital Cinema System Specifica
Page 104 and 105: which TLS-based authentication alon
Page 106 and 107: working with the security infrastru
Page 108 and 109: Figure 18: Show Playback Overview9.
Page 110 and 111: a. Playout shall be fully supported
Page 112 and 113: 9.4.5. Intra-Theater Communications
Page 114 and 115: 4. Projector SPB designs shall not
Page 116 and 117: the event, and zero all Critical Se
Page 118 and 119: window) shall be UTC.Security Manag
Page 120 and 121: . The SM shall independently authen
Page 122 and 123: 6. No broadcast RRP commands shall
Page 124 and 125: Functions of the Security Manager (
Page 126 and 127: Note: DCI reserves the right, at so
Page 128 and 129: • Is required to survive camcorde
Page 130 and 131: • Log Data - Security event infor
Page 132 and 133: using the GetEventList and GetEvent
Page 134 and 135: failure) per Section 9.6.1.3 Digita
Page 136 and 137: • Secure Silicon -Sensitive data
Page 138 and 139: secure silicon chip, input/output s
Page 140 and 141: FIPS 140-2 level 3 devices provide
Page 142 and 143: to the appropriate Section 9.4.5.2.
Page 144 and 145: those under the control of the Secu
Page 146 and 147: Security Managers (SMs) other than
Page 148 and 149: The above RSA asymmetric protection
Page 150 and 151: THIS PAGE LEFT BLANK INTENTIONALLYD
Page 152 and 153:
CPRL Acronym for Component Position
Page 154 and 155:
LTCMain TitlesMBMDMEMetadataMTBFMXF
Page 156:
TDLTimed TextTLMTLSTMSTrack FileUDP
show all

DCI Specs - Digital Cinema Initiatives

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?