DCI Specs - Digital Cinema Initiatives

More documents

Recommendations

Info

• Log Data – Security event information that is recorded and stored within theSecurity Entity (SE), where such an event took place or was observed.• Log Record – Standardized XML structure representing a discrete logged event.• Log Report – Standardized XML structure containing one or more log recordsspanning a continuous sequence in time. The log record content in a report isintended to be organized by class, and may be filtered prior to delivery accordingto specified criteria (Rights Owner, CPL, etc.).Following the above definitions, a basic logging process is described:• Surrounding a showing will be a number of security events that result in loggeddata. Discrete logged event data shall be placed in an XML structure called arecord.• A number of records are collected in sequence and by class to make up logreports.• A complete (unfiltered) report is useful for transferring entire sets of log data forarchiving or post-processing outside of the security system.• A “filtered” report is useful for responding to a request for log data according tospecified bounds (e.g., report the SE key usage records for CPL(id) for specificdate(s) and time(s)).• Reports may be delivered via the theater network using log messages (IntratheaterMessages), or simply transferred to a physical device (e.g., USBremovable flash memory).9.4.6.3.1. Logging Requirements1. Logging subsystem implementations shall not affect the ability of Exhibition tooperate their projection systems in a standalone fashion.2. Security Entities (SE) shall have normative requirements for the specific logdata to be recorded for each record (see see Section 9.4.6.3.7 Security LogRecords and Section 9.4.6.3.8 Log Record Information).3. Log records and reports shall be protected from undetected alteration(integrity and authentication) or deletion (continuity).4. Log records and reports shall be non-repudiable and traceable back to thesource SE device (i.e., where the logged event took place).5. Log records and reports shall carry proof of authenticity, which does not relyon the trustworthiness of the systems and channels they pass through.Systems or devices which communicate, handle or store log messages (orrecords) need not be trusted or secure.6. The content of log records shall be protected from exposure to parties otherthan the intended recipient (see Section 9.4.6.3.6 Log Filtering).7. Each Rights Owner shall be able to cryptographically confirm the integrity andcontinuity of log records and their log data independently of other RightsOwners (see Section 9.4.6.3.6 Log Filtering).8. Image Media Block SMs shall collect log information from all remote SecureProcessing Blocks in the suite it enables at the earliest equipment idle timebetween scheduled showings. To assure timely collection, TLS sessions shallDCI Digital Cinema System Specification v.1.2 Page 130
not be terminated prior to collection of all remote SPB log data, and in noevent shall more than 24 hours pass between the recording of log data by aremote SPB and the collection of such data by the IMB Security Manager.9. The Image Media Block shall internally store at least twelve (12) months oftypical log data accumulation for the auditorium in which it is installed,including log data collected from the associated remote SPBs.10. Remote Secure Processing Blocks (SPBs) shall have sufficient securestorage to hold log data to accommodate at least two days worth of typicaloperation.11. Log records stored in SPBs shall be stored in non-volatile memory and not bepurgeable. Data shall be over-written beginning with the oldest data as newlog data is accumulated. In no event shall remote SPB log records beoverwritten prior to them being collected by the SM.12. An SE shall author its own log records, or utilize the services of a proxy withinthe same secure SPB.13. SEs or their SPB proxy shall have an asymmetric identity key pair and DigitalCinema certificate for signing log records.14. SEs or their proxy shall time stamp log records, with date/time synchronizedwith the auditorium SM’s secure clock. The accuracy of the time stamprelative to the actual event shall not exceed one (1) second. Accuracy shallmean the latency between the occurrence of the event and the indicated timestamp.15. SEs or their proxy shall sequence log records with a secure and persistentcounter.16. An Image Media Block Security Manager (SM) shall associate (identify) allsuite log records with the SMS under which it operates.17. Any use of a proxy in the above, shall produce log records compliant to theserequirements.9.4.6.3.2. Log Record and Report FormatLog record and report formats shall be compliant with SMPTE 430-5-2008 D-CinemaOperations – Security Log Event Class and Constraints for D-Cinema.9.4.6.3.3. Log Integrity ControlsLog integrity controls shall be compliant with SMPTE 430-5-2008 D-CinemaOperations - Security Log Event Class and Constraints for D-Cinema.9.4.6.3.4. Security of Log Record SequencingLog record sequencing shall be compliant with SMPTE 430-5-2008 D-CinemaOperations - Security Log Event Class and Constraints for D-Cinema.9.4.6.3.5. Log Upload Protocol over Theater NetworksAuditorium suites using Link Encryption shall transfer log records from remoteSecure Processing Blocks (SPB) to that auditorium's Image Media Block (IMB) SMDCI Digital Cinema System Specification v.1.2 Page 131
Page 1 and 2:
Digital Cinema Initiatives, LLCDigi
Page 3 and 4:
Table of Contents1. OVERVIEW 151.1.
Page 5 and 6:
5.2.2. Packaging Fundamental Requir
Page 8 and 9:
7.5.5.1. Introduction..............
Page 10 and 11:
9.4.2.5. Screen Management System (
Page 12 and 13:
Table of FiguresFigure 1: System Ov
Page 14 and 15:
THIS PAGE LEFT BLANK INTENTIONALLYD
Page 16 and 17:
equirements for encrypting the esse
Page 18 and 19:
• This document specifies a basel
Page 20 and 21:
DCI Digital Cinema System Specifica
Page 22 and 23:
2.1.1. Major System Concepts2.1.1.1
Page 24 and 25:
2.1.1.8. ReelsFeature films have be
Page 26 and 27:
Metadata within the DCDM provides a
Page 28 and 29:
3.2.1.6. Transfer FunctionThe CIE X
Page 30 and 31:
The information, as shown in Table
Page 32 and 33:
AES Pair#/Ch# Channel # Label / Nam
Page 34 and 35:
3.3.4. File Format3.3.4.1. GeneralT
Page 36 and 37:
3.4.3. Timed Text Concepts and Requ
Page 38 and 39:
Page 40 and 41:
• All decoders shall decode each
Page 42 and 43:
Page 44 and 45:
5.2.2.3. InteroperableThe Packaging
Page 46 and 47:
Figure 6: Example Show PlaylistThe
Page 48 and 49:
Length (Value Length), followed by
Page 50 and 51:
which it was stopped or paused. It
Page 52 and 53:
5.3.4.2. Frame BoundariesThe Audio
Page 54 and 55:
• Rating• Aspect Ratio• Image
Page 56 and 57:
• Annotation Text parameter (opti
Page 58 and 59:
Page 60 and 61:
7.2.3.1. ReliabilityA key part of t
Page 62 and 63:
• Country• Rating• Aspect Rat
Page 64 and 65:
facility, while the system is in op
Page 66 and 67:
Exhibitor and the Distributor, data
Page 68 and 69:
7.5.2.2. Ingest InterfacesExcept fo
Page 70 and 71:
(channels) * hours * 60 min/hour *
Page 72 and 73:
7.5.4.2.4. UnpackagingAny packaged
Page 74 and 75:
7.5.6. Audio System7.5.6.1. Introdu
Page 76 and 77:
made up of Theater System devices a
Page 78 and 79:
DCI Digital Cinema System Specifica
Page 80 and 81: 8.2.2.3. Alternative ContentThe pro
Page 82 and 83: With the projector turned off or wi
Page 84 and 85: Image ParametersNominal(Projected I
Page 86 and 87: Input Code Values Output Chromatici
Page 88 and 89: 8.4. Projector Interfaces8.4.1. Int
Page 90 and 91: • Lens Shift Up / Down• Lamp Mo
Page 92 and 93: • Essence Encryption and Cryptogr
Page 94 and 95: content keys and Trusted Device Lis
Page 96 and 97: Figure 14: Digital Cinema Security
Page 98 and 99: Figure 15 presents the two fundamen
Page 100 and 101: DCI Digital Cinema System Specifica
Page 102 and 103: 9.4.2.3. Media Blocks (MBs)The term
Page 104 and 105: which TLS-based authentication alon
Page 106 and 107: working with the security infrastru
Page 108 and 109: Figure 18: Show Playback Overview9.
Page 110 and 111: a. Playout shall be fully supported
Page 112 and 113: 9.4.5. Intra-Theater Communications
Page 114 and 115: 4. Projector SPB designs shall not
Page 116 and 117: the event, and zero all Critical Se
Page 118 and 119: window) shall be UTC.Security Manag
Page 120 and 121: . The SM shall independently authen
Page 122 and 123: 6. No broadcast RRP commands shall
Page 124 and 125: Functions of the Security Manager (
Page 126 and 127: Note: DCI reserves the right, at so
Page 128 and 129: • Is required to survive camcorde
Page 132 and 133: using the GetEventList and GetEvent
Page 134 and 135: failure) per Section 9.6.1.3 Digita
Page 136 and 137: • Secure Silicon -Sensitive data
Page 138 and 139: secure silicon chip, input/output s
Page 140 and 141: FIPS 140-2 level 3 devices provide
Page 142 and 143: to the appropriate Section 9.4.5.2.
Page 144 and 145: those under the control of the Secu
Page 146 and 147: Security Managers (SMs) other than
Page 148 and 149: The above RSA asymmetric protection
Page 150 and 151: THIS PAGE LEFT BLANK INTENTIONALLYD
Page 152 and 153: CPRL Acronym for Component Position
Page 154 and 155: LTCMain TitlesMBMDMEMetadataMTBFMXF
Page 156: TDLTimed TextTLMTLSTMSTrack FileUDP
show all

DCI Specs - Digital Cinema Initiatives

Create successful ePaper yourself

Delete template?

Save as template?