DCI Specs - Digital Cinema Initiatives

More documents

Recommendations

Info

a. Playout shall be fully supported by a single KDM, inclusive of all requiredessence keys and playout time window (i.e., a playout shall not occur thatrequires the combination of two or more KDMs).b. For any given composition, playout shall be enabled for any start time that iswithin the KDM's time window.c. To avoid end of engagement issues, a show time’s playout may extendbeyond the end of the KDM's playout time window, if started within the KDMplayout time window, by a maximum of six (6) hours.d. Excepting the requirements of item 2c above, the SM shall delete any KDMand associated keys for which the playback time window has expired(passed).3. Reject ETM messages that are not recognized as DCI compliant standardizedmessages.4. Validate Composition Playlists (CPL), and log results as a prerequisite topreparing the suite for the associated composition playback. For encryptedcontent, validation shall be by cross checking that the associated KDM'sContentAuthenticator element matches a certificate thumbprint of one of thecertificates in the CPL's signer chain (see item 1 above), and that such certificateindicate only a “Content Signer” (CS) role per Section 5.3.4, “Naming and Roles”of the certificate specification (SMPTE430-2 D-Cinema Operation - DigitalCertificate).5. Process essence (i.e., Track File frame) integrity pack metadata for image andsound during show runtime. Log information necessary to detect deviations(including restarts) from the actual playback sequence from the Track File ID andreel sequence specified in the CPL as follows:a. Image – Process integrity pack information, with the exception that the framehash (HMAC) check is encouraged but optional.b. Audio – Process integrity pack information, including the hash (HMAC).6. [This item left blank intentionally.]7. Perform remote Secure Processing Block (SPB) and Screen ManagementSystem (SMS) authentication through Transport Layer Security (TLS) sessionestablishment, and maintain the certificate lists so collected.a. Associate certificate lists with TDLs delivered in KDMs per Section 5.2.5 ofthe KDM specification (SMPTE430-1: D-Cinema Operations - Key DeliveryMessage) to support the identification of security devices that are trusted/nottrusted.b. Maintain TLS sessions open for not more than 24 hours between completerestarts (i.e., forces periodic fresh TLS keys).8. Support TLS-protected ITM standards per Section 9.4.5.2 Intra-TheaterMessage Definitions. ITM functions shall include:a. Maintain TLS sessions with suite SPBs (including the SMS),b. Querying/receiving status of other SPBs external to the SM’s Media Block,c. ITM usage and operational behavior means with respect to item 8a and item8b, sufficient to detect any equipment substitutions,DCI Digital Cinema System Specification v.1.2 Page 110
d. Reporting status on CPL playability, suite readiness and other SM and SPBconditions to the SMS,e. Movement of security (or security related) information (e.g., content keys andLE keys, logging data, secure time).9. Prepare and issue content keys to Media Decryptor (MD) and Forensic Marking(FM) SEs as may require keying per the CPL. Constrain use of keys to:a. Confirmation (via QuerySPB command) that TLS connections are operativewith remote SPBs, and that the QuerySPB Response "general response"element indicator is "0" (RRP successful).b. Usage validity periods of six (6) hours for remote SPBs (in line with the rule ofitem 2c above).c. Authenticated and trusted Secure Processing Blocks (SPBs (per item 7above). The system shall check the SPBs against the TDL for eachcomposition independently.d. Media Decryptors (e.g., image, sound, subtitle, link encryption) in SPBs thatmeet status requirements of item 14 below.e. Specific MDs matching the key type IDs as designated by the KDM, perSection 5.2.8 of the KDM specification (SMPTE430-1: D-Cinema Operations -Key Delivery Message).f. Receipt by the SM of a valid CPL for the composition being prepared forplayback per item 4 above.10. Support Link Encryption (LE) keying (if link encryption is used) by:a. Generating unpredictable keys per Section 9.7.6 Key Generation andDerivation and having a usage validity period on a per-showing basis (i.e.,each playout of an encrypted composition requires a new LE key.) which isgenerated per item 11 below.b. Transferring LE keys only to an authenticated and trusted (per item 7 above)Link Decryptor Security Entity (SE) function.c. Support link encryption operational processes for combinations of clear andencrypted content according to Section 9.4.4 Link Encryption.11. Perform suite playback preparations per items 9 and 10 above for each showing,within 30 minutes prior to show time. Though item 9 above establishes keyvalidity periods of six hours, security equipment integrity checks and suite rekeyingshall be executed within 30 minutes prior to each show time.12. Maintain secure time for a specific auditorium, including SPB timesynchronization requirements per Section 9.4.3.7 Theater System Clocks andTrustable Date-Time.13. Execute log duties for the assigned auditorium per Section 9.4.6.3 LoggingSubsystem.14 Execute Forensic Marking (FM) control operations per Section 9.4.6.2 ForensicMarking Operations15. During all normal operating conditions (including during playback), continuouslymonitor and log integrity status of remote SPBs so as to preclude delivery ofkeys/content to, or playback on, compromised or improperly operating securityequipment. To support this requirement the QuerySPB command (see SectionDCI Digital Cinema System Specification v.1.2 Page 111
Page 1 and 2:
Digital Cinema Initiatives, LLCDigi
Page 3 and 4:
Table of Contents1. OVERVIEW 151.1.
Page 5 and 6:
5.2.2. Packaging Fundamental Requir
Page 8 and 9:
7.5.5.1. Introduction..............
Page 10 and 11:
9.4.2.5. Screen Management System (
Page 12 and 13:
Table of FiguresFigure 1: System Ov
Page 14 and 15:
THIS PAGE LEFT BLANK INTENTIONALLYD
Page 16 and 17:
equirements for encrypting the esse
Page 18 and 19:
• This document specifies a basel
Page 20 and 21:
DCI Digital Cinema System Specifica
Page 22 and 23:
2.1.1. Major System Concepts2.1.1.1
Page 24 and 25:
2.1.1.8. ReelsFeature films have be
Page 26 and 27:
Metadata within the DCDM provides a
Page 28 and 29:
3.2.1.6. Transfer FunctionThe CIE X
Page 30 and 31:
The information, as shown in Table
Page 32 and 33:
AES Pair#/Ch# Channel # Label / Nam
Page 34 and 35:
3.3.4. File Format3.3.4.1. GeneralT
Page 36 and 37:
3.4.3. Timed Text Concepts and Requ
Page 38 and 39:
Page 40 and 41:
• All decoders shall decode each
Page 42 and 43:
Page 44 and 45:
5.2.2.3. InteroperableThe Packaging
Page 46 and 47:
Figure 6: Example Show PlaylistThe
Page 48 and 49:
Length (Value Length), followed by
Page 50 and 51:
which it was stopped or paused. It
Page 52 and 53:
5.3.4.2. Frame BoundariesThe Audio
Page 54 and 55:
• Rating• Aspect Ratio• Image
Page 56 and 57:
• Annotation Text parameter (opti
Page 58 and 59:
Page 60 and 61: 7.2.3.1. ReliabilityA key part of t
Page 62 and 63: • Country• Rating• Aspect Rat
Page 64 and 65: facility, while the system is in op
Page 66 and 67: Exhibitor and the Distributor, data
Page 68 and 69: 7.5.2.2. Ingest InterfacesExcept fo
Page 70 and 71: (channels) * hours * 60 min/hour *
Page 72 and 73: 7.5.4.2.4. UnpackagingAny packaged
Page 74 and 75: 7.5.6. Audio System7.5.6.1. Introdu
Page 76 and 77: made up of Theater System devices a
Page 78 and 79: DCI Digital Cinema System Specifica
Page 80 and 81: 8.2.2.3. Alternative ContentThe pro
Page 82 and 83: With the projector turned off or wi
Page 84 and 85: Image ParametersNominal(Projected I
Page 86 and 87: Input Code Values Output Chromatici
Page 88 and 89: 8.4. Projector Interfaces8.4.1. Int
Page 90 and 91: • Lens Shift Up / Down• Lamp Mo
Page 92 and 93: • Essence Encryption and Cryptogr
Page 94 and 95: content keys and Trusted Device Lis
Page 96 and 97: Figure 14: Digital Cinema Security
Page 98 and 99: Figure 15 presents the two fundamen
Page 100 and 101: DCI Digital Cinema System Specifica
Page 102 and 103: 9.4.2.3. Media Blocks (MBs)The term
Page 104 and 105: which TLS-based authentication alon
Page 106 and 107: working with the security infrastru
Page 108 and 109: Figure 18: Show Playback Overview9.
Page 112 and 113: 9.4.5. Intra-Theater Communications
Page 114 and 115: 4. Projector SPB designs shall not
Page 116 and 117: the event, and zero all Critical Se
Page 118 and 119: window) shall be UTC.Security Manag
Page 120 and 121: . The SM shall independently authen
Page 122 and 123: 6. No broadcast RRP commands shall
Page 124 and 125: Functions of the Security Manager (
Page 126 and 127: Note: DCI reserves the right, at so
Page 128 and 129: • Is required to survive camcorde
Page 130 and 131: • Log Data - Security event infor
Page 132 and 133: using the GetEventList and GetEvent
Page 134 and 135: failure) per Section 9.6.1.3 Digita
Page 136 and 137: • Secure Silicon -Sensitive data
Page 138 and 139: secure silicon chip, input/output s
Page 140 and 141: FIPS 140-2 level 3 devices provide
Page 142 and 143: to the appropriate Section 9.4.5.2.
Page 144 and 145: those under the control of the Secu
Page 146 and 147: Security Managers (SMs) other than
Page 148 and 149: The above RSA asymmetric protection
Page 150 and 151: THIS PAGE LEFT BLANK INTENTIONALLYD
Page 152 and 153: CPRL Acronym for Component Position
Page 154 and 155: LTCMain TitlesMBMDMEMetadataMTBFMXF
Page 156: TDLTimed TextTLMTLSTMSTrack FileUDP
show all

DCI Specs - Digital Cinema Initiatives

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?