DCI Specs - Digital Cinema Initiatives

More documents

Recommendations

Info

window) shall be UTC.Security Managers shall each be responsible for maintaining secure and trusted time forthe auditorium to which they are assigned (installed). The security system clockrequirements are:• The Image Media Block (IMB) SM shall be responsible for establishing andmaintaining time for the auditorium equipment suite it supervises.• Each Image Media Block (IMB) SM clock shall be set by the SM vendor towithin one second of UTC using a reference time standard (such as WWV).The clock shall be tamper-proof and thereafter may not be offset from UTC orotherwise reset. 23• In order to maintain synchronism between auditoriums, Exhibition shall beable to adjust a Security Manager’s clock offset a maximum of +/- six minuteswithin any calendar year. Time adjustments shall be logged events.• Remote SPBs type 1 shall have internal UTC time clocks, and maintain timeawareness24/7 under both powered and un-powered conditions. TheSecurity Manager shall track the time difference between remote SPB clocksand its internal clock by issuance of the "GetTime" standardized securitymessage of Table 15 "Intra-Theater Message Request-Response Pairs" atleast once per day.• The IMB Security Manager (SM) clock shall have the following capabilities:• Resolution to one second• Stability to be accurate +/- 30 seconds/month• Date-Time range at least 20 years• Battery life of at least 5 years• Battery can be changed without losing track of proper time• Proper time stamping of log events shall not be interrupted during a clockbattery change process.• Remote SPB clocks shall meet the same capabilities as the SM clock, exceptthe stability requirements are +/- 60 seconds per month. Exhibition shall beable to adjust a remote SPB's clock a maximum of +/- fifteen minutes withinany calendar year. Time adjustments shall be logged events.9.4.4. Link EncryptionLink Encryption shall be used at all times (i.e., for encrypted and clear text content) whereimage content is carried on interconnecting cables, which are exposed (i.e., outside of anSPB) downstream from image media decryption. The Security Manager shall enforce linkencryption operations per the requirements of this section in all applications except wherethe Image Media Block and the projector are married per Section 9.4.3.6.3. NormativeRequirements: Image Media Block, Item 3.Where Link Encryption is used (i.e., Auditorium 2 Figure 15: Digital Cinema AuditoriumSecurity Implementations), the Image Media Block (IMB) SM shall provide link encryptionkeys for use with the Link Encryptor (LE) and Link Decryptor (LD) Security Entities (SE)located within the IMB and Link Decryptor Block (LDB) SPBs respectively. Authentication of23 A limited-magnitude adjustable time offset to this clock is described in the subsequent point.DCI Digital Cinema System Specification v.1.2 Page 118
the LDB by the IMB SM (see Security Manager and LDB requirements of Section 9.4.3.5Functions of the Security Manager (SM) and Section 9.4.3.6.2.1 Normative Requirementsfor LD/LE SPB Devices) shall be performed to ensure that link keys are provided only tolegitimate devices which appear on the KDM Trusted Device List (see Section 9.6.2 “Trust”and the Trusted Device List (TDL)). Link Encryption keys shall be delivered to the LDB usingthe appropriate category 2 standardized security messages of Table 15 Intra-TheaterMessages Request-Response Pairs.In the case of playback of clear text content (as indicated by the CPL), no KDM is required,and in such a case no TDL will exist. Recognizing that combinations of clear text andencrypted content must be accommodated, the following rules define normative LinkEncryption functionality:• In any instance where content is not encrypted and no KDM for this content exists,the SM shall automatically assume “trust” in the LDB and projector SPBs forpurposes of keying the LDB and enabling playback for (only) that CPL. All loggingprocesses shall take place normally, recognizing that some logging events (e.g., nologging of content key use) will not be recorded.• In instances where combinations of encrypted and non-encrypted content constitutea Show Playlist, the SM shall require the LDB and projector to appear on the TDLprior to enabling keying Link Encryption functions and enabling playback for any CPLhaving encrypted content.It is encouraged that the industry standardizes the content encryption processing employedfor Link Encryption. However these specifications only dictate that such protection shallselect one of the TDES [FIPS (46-3) and ANSI standard X9.32] or AES algorithm applied ina NIST approved fashion. Link Encryption keys shall be 112 bits in length for TDES or 128bits in length for AES, and such keys shall be generated according to the requirements ofSection 9.7.6 Key Generation and DerivationIt is mandatory that a fresh Link Encryption key be used for each movie showing (i.e., eachplayout of an encrypted composition requires a new LE key.) Multiple Link Encryption keysmay be used for showings, and in such cases, it is encouraged that different LE keys bedistinguished by (used according to) the CPL (where different Composition Playlistsconstitute a showing). In the case where multiple LE keys are used, it will be necessary forthe industry to standardize on a single technique to identify which LE key is to be used forwhich portion(s) of any given showing.9.4.4.1. Multiple Link Encryption OperationContent owners may approve the use of multiple Link Encryption stages within a singleauditorium for accommodating special auditorium situations. Special auditoriumsituations are recognized as changes to Auditorium 2 of Figure 15: Digital CinemaAuditorium Security Implementations, such as: (i) the insertion of a single imageprocessor between Image Media Block and a LDB/projection system; (ii) the use ofmultiple LDB/projection systems with a single server/IMB.Multiple Link Encryption operation shall follow all normal (single) Link Encryptionrequirements of this section, with the following additional requirements:a. SM behavior shall be designed to identify a special auditorium situation duringthe auditorium security network TLS session establishment. The digital certificateexchange with remote SPBs will return the associated certificate roles for eachSPB in the auditorium (i.e., LD/LE SPB device or more than a singleLDB/projector).DCI Digital Cinema System Specification v.1.2 Page 119
Page 1 and 2:
Digital Cinema Initiatives, LLCDigi
Page 3 and 4:
Table of Contents1. OVERVIEW 151.1.
Page 5 and 6:
5.2.2. Packaging Fundamental Requir
Page 8 and 9:
7.5.5.1. Introduction..............
Page 10 and 11:
9.4.2.5. Screen Management System (
Page 12 and 13:
Table of FiguresFigure 1: System Ov
Page 14 and 15:
THIS PAGE LEFT BLANK INTENTIONALLYD
Page 16 and 17:
equirements for encrypting the esse
Page 18 and 19:
• This document specifies a basel
Page 20 and 21:
DCI Digital Cinema System Specifica
Page 22 and 23:
2.1.1. Major System Concepts2.1.1.1
Page 24 and 25:
2.1.1.8. ReelsFeature films have be
Page 26 and 27:
Metadata within the DCDM provides a
Page 28 and 29:
3.2.1.6. Transfer FunctionThe CIE X
Page 30 and 31:
The information, as shown in Table
Page 32 and 33:
AES Pair#/Ch# Channel # Label / Nam
Page 34 and 35:
3.3.4. File Format3.3.4.1. GeneralT
Page 36 and 37:
3.4.3. Timed Text Concepts and Requ
Page 38 and 39:
Page 40 and 41:
• All decoders shall decode each
Page 42 and 43:
Page 44 and 45:
5.2.2.3. InteroperableThe Packaging
Page 46 and 47:
Figure 6: Example Show PlaylistThe
Page 48 and 49:
Length (Value Length), followed by
Page 50 and 51:
which it was stopped or paused. It
Page 52 and 53:
5.3.4.2. Frame BoundariesThe Audio
Page 54 and 55:
• Rating• Aspect Ratio• Image
Page 56 and 57:
• Annotation Text parameter (opti
Page 58 and 59:
Page 60 and 61:
7.2.3.1. ReliabilityA key part of t
Page 62 and 63:
• Country• Rating• Aspect Rat
Page 64 and 65:
facility, while the system is in op
Page 66 and 67:
Exhibitor and the Distributor, data
Page 68 and 69: 7.5.2.2. Ingest InterfacesExcept fo
Page 70 and 71: (channels) * hours * 60 min/hour *
Page 72 and 73: 7.5.4.2.4. UnpackagingAny packaged
Page 74 and 75: 7.5.6. Audio System7.5.6.1. Introdu
Page 76 and 77: made up of Theater System devices a
Page 78 and 79: DCI Digital Cinema System Specifica
Page 80 and 81: 8.2.2.3. Alternative ContentThe pro
Page 82 and 83: With the projector turned off or wi
Page 84 and 85: Image ParametersNominal(Projected I
Page 86 and 87: Input Code Values Output Chromatici
Page 88 and 89: 8.4. Projector Interfaces8.4.1. Int
Page 90 and 91: • Lens Shift Up / Down• Lamp Mo
Page 92 and 93: • Essence Encryption and Cryptogr
Page 94 and 95: content keys and Trusted Device Lis
Page 96 and 97: Figure 14: Digital Cinema Security
Page 98 and 99: Figure 15 presents the two fundamen
Page 100 and 101: DCI Digital Cinema System Specifica
Page 102 and 103: 9.4.2.3. Media Blocks (MBs)The term
Page 104 and 105: which TLS-based authentication alon
Page 106 and 107: working with the security infrastru
Page 108 and 109: Figure 18: Show Playback Overview9.
Page 110 and 111: a. Playout shall be fully supported
Page 112 and 113: 9.4.5. Intra-Theater Communications
Page 114 and 115: 4. Projector SPB designs shall not
Page 116 and 117: the event, and zero all Critical Se
Page 120 and 121: . The SM shall independently authen
Page 122 and 123: 6. No broadcast RRP commands shall
Page 124 and 125: Functions of the Security Manager (
Page 126 and 127: Note: DCI reserves the right, at so
Page 128 and 129: • Is required to survive camcorde
Page 130 and 131: • Log Data - Security event infor
Page 132 and 133: using the GetEventList and GetEvent
Page 134 and 135: failure) per Section 9.6.1.3 Digita
Page 136 and 137: • Secure Silicon -Sensitive data
Page 138 and 139: secure silicon chip, input/output s
Page 140 and 141: FIPS 140-2 level 3 devices provide
Page 142 and 143: to the appropriate Section 9.4.5.2.
Page 144 and 145: those under the control of the Secu
Page 146 and 147: Security Managers (SMs) other than
Page 148 and 149: The above RSA asymmetric protection
Page 150 and 151: THIS PAGE LEFT BLANK INTENTIONALLYD
Page 152 and 153: CPRL Acronym for Component Position
Page 154 and 155: LTCMain TitlesMBMDMEMetadataMTBFMXF
Page 156: TDLTimed TextTLMTLSTMSTrack FileUDP
show all

DCI Specs - Digital Cinema Initiatives

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?