DCI Specs - Digital Cinema Initiatives

More documents

Recommendations

Info

. The SM shall independently authenticate each remote SPB using a dedicatedTLS session.c. SMs shall enable multiple Link Encryption operation only when the SM receives aKDM whose TDL contains only the identities of the remote SPBs identified duringTLS authentication. This matching is an indication to the SM that the multipleLink Encryption operation has been approved by the content owner.d. The image processor (LD/LE) device shall be protected by a type 1 SPB. ThisSPB shall meet the requirements of Section 9.4.3.6.2.1 Normative Requirementsfor LD/LE SPB Devices.e. The SM shall independently key each remote SPB for Link Encryption operationusing standardized Intra-Theater security Messaging per Section 9.4.5.f. The SM shall not support the use of more than one image processor SPB for anyLDB/projector system.g. The two Link Encryption stages of the image processor configuration may usethe same LE key(s). The SM shall key the multiple LDB/projector configurationusing different LE keys for each LDB/projector system.9.4.5. Intra-Theater CommunicationsThis Section discusses requirements for communications necessary to support securityfunctions in each auditorium. Depending upon facility communications network designs,there may be both intra-auditorium as well as theater-wide networks and these may bephysically one network. The security system requires and addresses only the intraauditoriumnetwork, over which Intra-Theater (security) Messages (ITM) are employed.Intra-Theater Message(s) (ITMs) are described for communications between the SMS andSM, and between the SM and remote Secure Processing Blocks (SPBs). Note that,depending upon SPB designs, the numbers of SPBs used, and the mix of Security Entities(SEs) within them may vary.9.4.5.1. Transport Layer Security Sessions, End Points and Intra-TheaterMessagingThe Transport Layer Security (TLS) standard has been selected to provide protection forITMs within the theater. As part of establishing TLS communications sessions, bothparties, to the connection, present their digital certificates to achieve mutualauthentication. The authentication shall utilize digital certificates as defined in Section9.8, which facilitate a cryptographic process that identifies the SMS and each SPBdevice to the SM.The SM and SMS shall both conduct their intra-theater security messaging under TLSprotection (IETF RFC 2246).All TLS end points shall be within the physical protection perimeter of the associatedSPB. No SPB requirements are placed on the SMS.9.4.5.2. Intra-Theater Message DefinitionsThis section identifies the set of Intra-Theater Message Request Response Pairs(RRPs) to be standardized. These are required to support interoperability andnormative operational and security behavior of SPB systems.DCI Digital Cinema System Specification v.1.2 Page 120
9.4.5.2.1. Intra-theater Message HierarchyThe following hierarchy for Intra-Theater Messaging (ITM) is defined:• Transactions – Describe the interactions between exhibition components(Security Entities) and the system state changes that occur as a result of thetransaction.• Request/Response Pairs (RRP) – Describes a single interaction between theSEs. At least one RRP is required to implement a transaction.• Messages – A data structure that passes between SEs. An RRP consists of arequest message and a resultant response message.A transaction consists of sequences of RRPs, and RRPs are pairings of messages.A transaction is an interaction, or series of interactions (RRPs) that change the statein one or more participating SEs in a consistent manner. Transactions need not bestandardized. In assembling transactions, the sequences of RRPs used may varyaccording to the equipment vendor or facility configuration. Transactions shall be“idempotent” (such a transaction may be repeated without changing its outcome).Thus, if the initiator of a transaction does not receive evidence of satisfactorycompletion, it may safely initiate the transaction again without fear of unexpectedconsequences.RRP standards do not apply inside of Secure Processing Blocks (SPBs), howeverRRP concepts are developed assuming that a Security Entity (SE) will exist logicallywithin a SPB, even if not distinctly in hardware. The SPB is allowed to proxy for anySE (within it) in the support of security messaging.9.4.5.2.2. Terms and AbbreviationsThe following abbreviations and terms are used in this ITM section:• Requester = initiator of an RRP• Responder = answers the RRP• UDP & TCP = IP protocols for delivering blocks of bytes (UDP) or stream ofbytes (TCP)9.4.5.2.3. General RRP Requirements1. Only the SMS or SM shall set up Transport Layer Security (TLS) sessions.TLS session establishment between SMS and SM may be initiated by eitherparty. Except where noted, only the SMS or SM shall initiate RRPs.2. Security Managers (SMs) shall not communicate with SPBs other than thosein its suite, and SPBs shall not communicate with SMs other than the oneassigned to their suite.3. During normal operations, Secure Processing Blocks (SPBs) shall maintaintheir TLS communications sessions with the SM open and active at all times.4. Absence of a response after an RRP is directed to a SPB over an active TLSsession represents a network failure or SPB fault condition. Playback shallcontinue under network failure conditions to the extent possible.5. Unless otherwise noted, an RRP response is allowed to be busy or anunsupported message type, and such a response shall not be an error event.DCI Digital Cinema System Specification v.1.2 Page 121
Page 1 and 2:
Digital Cinema Initiatives, LLCDigi
Page 3 and 4:
Table of Contents1. OVERVIEW 151.1.
Page 5 and 6:
5.2.2. Packaging Fundamental Requir
Page 8 and 9:
7.5.5.1. Introduction..............
Page 10 and 11:
9.4.2.5. Screen Management System (
Page 12 and 13:
Table of FiguresFigure 1: System Ov
Page 14 and 15:
THIS PAGE LEFT BLANK INTENTIONALLYD
Page 16 and 17:
equirements for encrypting the esse
Page 18 and 19:
• This document specifies a basel
Page 20 and 21:
DCI Digital Cinema System Specifica
Page 22 and 23:
2.1.1. Major System Concepts2.1.1.1
Page 24 and 25:
2.1.1.8. ReelsFeature films have be
Page 26 and 27:
Metadata within the DCDM provides a
Page 28 and 29:
3.2.1.6. Transfer FunctionThe CIE X
Page 30 and 31:
The information, as shown in Table
Page 32 and 33:
AES Pair#/Ch# Channel # Label / Nam
Page 34 and 35:
3.3.4. File Format3.3.4.1. GeneralT
Page 36 and 37:
3.4.3. Timed Text Concepts and Requ
Page 38 and 39:
Page 40 and 41:
• All decoders shall decode each
Page 42 and 43:
Page 44 and 45:
5.2.2.3. InteroperableThe Packaging
Page 46 and 47:
Figure 6: Example Show PlaylistThe
Page 48 and 49:
Length (Value Length), followed by
Page 50 and 51:
which it was stopped or paused. It
Page 52 and 53:
5.3.4.2. Frame BoundariesThe Audio
Page 54 and 55:
• Rating• Aspect Ratio• Image
Page 56 and 57:
• Annotation Text parameter (opti
Page 58 and 59:
Page 60 and 61:
7.2.3.1. ReliabilityA key part of t
Page 62 and 63:
• Country• Rating• Aspect Rat
Page 64 and 65:
facility, while the system is in op
Page 66 and 67:
Exhibitor and the Distributor, data
Page 68 and 69:
7.5.2.2. Ingest InterfacesExcept fo
Page 70 and 71: (channels) * hours * 60 min/hour *
Page 72 and 73: 7.5.4.2.4. UnpackagingAny packaged
Page 74 and 75: 7.5.6. Audio System7.5.6.1. Introdu
Page 76 and 77: made up of Theater System devices a
Page 78 and 79: DCI Digital Cinema System Specifica
Page 80 and 81: 8.2.2.3. Alternative ContentThe pro
Page 82 and 83: With the projector turned off or wi
Page 84 and 85: Image ParametersNominal(Projected I
Page 86 and 87: Input Code Values Output Chromatici
Page 88 and 89: 8.4. Projector Interfaces8.4.1. Int
Page 90 and 91: • Lens Shift Up / Down• Lamp Mo
Page 92 and 93: • Essence Encryption and Cryptogr
Page 94 and 95: content keys and Trusted Device Lis
Page 96 and 97: Figure 14: Digital Cinema Security
Page 98 and 99: Figure 15 presents the two fundamen
Page 100 and 101: DCI Digital Cinema System Specifica
Page 102 and 103: 9.4.2.3. Media Blocks (MBs)The term
Page 104 and 105: which TLS-based authentication alon
Page 106 and 107: working with the security infrastru
Page 108 and 109: Figure 18: Show Playback Overview9.
Page 110 and 111: a. Playout shall be fully supported
Page 112 and 113: 9.4.5. Intra-Theater Communications
Page 114 and 115: 4. Projector SPB designs shall not
Page 116 and 117: the event, and zero all Critical Se
Page 118 and 119: window) shall be UTC.Security Manag
Page 122 and 123: 6. No broadcast RRP commands shall
Page 124 and 125: Functions of the Security Manager (
Page 126 and 127: Note: DCI reserves the right, at so
Page 128 and 129: • Is required to survive camcorde
Page 130 and 131: • Log Data - Security event infor
Page 132 and 133: using the GetEventList and GetEvent
Page 134 and 135: failure) per Section 9.6.1.3 Digita
Page 136 and 137: • Secure Silicon -Sensitive data
Page 138 and 139: secure silicon chip, input/output s
Page 140 and 141: FIPS 140-2 level 3 devices provide
Page 142 and 143: to the appropriate Section 9.4.5.2.
Page 144 and 145: those under the control of the Secu
Page 146 and 147: Security Managers (SMs) other than
Page 148 and 149: The above RSA asymmetric protection
Page 150 and 151: THIS PAGE LEFT BLANK INTENTIONALLYD
Page 152 and 153: CPRL Acronym for Component Position
Page 154 and 155: LTCMain TitlesMBMDMEMetadataMTBFMXF
Page 156: TDLTimed TextTLMTLSTMSTrack FileUDP
show all

DCI Specs - Digital Cinema Initiatives

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?