DCI Specs - Digital Cinema Initiatives

More documents

Recommendations

Info

• Secure Silicon –Sensitive data can only be compromised by a physicalattack on a secure Integrated Circuit storing the data.a. Secure integrated circuits used for Digital Cinema security applicationsshall be of the type designed to resist physical and logical attacks, andshall ensure that a physical attack destroys CSPs prior to exposure.Devices meeting the “secure silicon” level of protection shall only berequired to meet FIPS 140-2 level 3 row (area) five: "physical securityrequirements.”b. Secure silicon level protection shall be used within both SPB type 1 andSPB type 2, with such protection continuously provided (including ifpowered down) for all SE and Secure Processing Block (SPB) privatekeys and content image keys.c. Image keys may be stored outside of the secure silicon that performedKDM decryption, provided that such storage meets the requirements ofSection 9.7.4 Protection of Content Keys. Device private keys, whetherencrypted or not, shall not exist outside of the secure silicon device.• Secure Processing Block (SPB) Hardware Module – Sensitive data willonly be exposed by penetration of a physical barrier, which surrounds theelectronics.a. All Secure Processing Block (SPB) module designs shall implementhardware module perimeter protection that prevents access to internalcircuitry and detects opening of the module perimeter. Further protectionof keys and clear text content should use techniques such as buryingsensitive traces, applying tamper resistant integrated circuit coverings,and tamper responsive circuitry. Detailed SPB type 1 and SPB type 2physical protection requirements are defined below in Section 9.5.2.4Specific Requirements for Type 2 Secure Processing Blocks and Section9.5.2.5 FIPS 140-2 Requirements for Type 1 Secure Processing Blocks.b. Other than the SMS, no Security Entity (SE) shall exist outside theprotection of a SPB type 1.• Software – Protection implemented in software can be compromised throughmodifications to the software, inspection of memory, or monitoring of bussignals.a. Software protection methods shall not be used to protect Critical SecurityParameter or content essence.9.5.2.3. Repair and RenewalThe following address restrictions on repair and renewal of Secure Processing Blocks(SPBs) and associated cryptographic parameters:• Type 1 SPBs may be field replaceable (as an entire SPB module) byExhibition, but shall not be field serviceable (e.g., SPB type 1 maintenanceaccess doors shall not be open-able in the field).• The secure silicon device, contained within a SPB type 2, shall not be fieldserviceable, but may be field replaceable. It shall not be accessible duringnormal SPB type 2 operation or non-security-related servicing.• Repair and renewal processes for an SPB type 1 and SPB type 2 shall beDCI Digital Cinema System Specification v.1.2 Page 136
performed under the supervision of the security equipment vendor.Maintenance of the SPB type 2 (projector) is permitted for non-securitycomponents accessible via maintenance openings.• All type 1 SPBs shall be issued a new private/public key pair and certificateupon any repair or renewal process that requires opening of the SPBperimeter. (Note that Section 9.7.6 precludes maintaining records of privatekey information.)Repair and renewal is limited to failed devices, or devices which have lost or zeroed theirsecrets (e.g., private keys or digital certificates). Such maintenance does not effect thedevice’s FIPS 140-2 certification or compliance, as long as Section 9.5.2.5 FIPS 140-2Requirements for Type 1 Secure Processing Blocks requirements are met.Requirements for firmware changes to SPBs are given in Section 9.5.2.7 SPB FirmwareModifications.9.5.2.4. Specific Requirements for Type 2 Secure Processing BlocksThe SPB type 2 container has been defined specifically for protection of image essenceexiting either a Link Decryptor Block or Image Media Block (companion SPBs to theprojector SPB) and entering the projector. The purpose of this SPB is to protect theimage essence signal as far as practical, recognizing that “all the way to light” productionis probably not possible. It is also preferable not to impose formal FIPS 140-2requirements on this SPB, as the security and signal flow functions are relatively simple.This SPB is anticipated to surround two fundamental functional environments:1. A security environment consisting of a secure silicon chip, input/output signals tothe chip and projector SPB perimeter open detection signals and circuits.2. A projector image signal processing environment, that prepares the image signalfor light production.The latter environment may require field maintenance, and therefore the projector SPBis allowed to have access doors available to Exhibition personnel. The logicalrelationship and electrical connectivity between the companion and projector SPB wasdefined in Section 9.4.3.6 Functional Requirements for Secure Processing BlockSystems. In addition to these and the requirements of Section 9.5.2.1 Device PerimeterIssues and Section 9.5.2.2 Physical Security of Sensitive Data additional projector SPBrequirements are as follows:• Table 20: Summary of FIPS 140-2 Security Requirements, FIPS 140-2 level3 requirements shall be followed for area (row) number 2, with TransportLayer Security (TLS) security as defined in these specifications providinginput/output logical separation protection if TLS is used for projectorauthentication. The operational environment of the secure chip shall follow Nr6 of the Limited Operational Environment of Table 20: Summary of FIPS140-2 Security Requirements (also see Section 9.5.2.7 SPB FirmwareModifications).• The projector SPB silicon chip and associated input/output signals shall notbe accessible via the SPB’s maintenance door or other openings (i.e., thereshall be a partition that separates the chip and signals from the maintenanceaccessible areas).• The physical environment surrounding the connected (married) companionand projector SPBs shall be designed such that access to the projector SPBDCI Digital Cinema System Specification v.1.2 Page 137
Page 1 and 2:
Digital Cinema Initiatives, LLCDigi
Page 3 and 4:
Table of Contents1. OVERVIEW 151.1.
Page 5 and 6:
5.2.2. Packaging Fundamental Requir
Page 8 and 9:
7.5.5.1. Introduction..............
Page 10 and 11:
9.4.2.5. Screen Management System (
Page 12 and 13:
Table of FiguresFigure 1: System Ov
Page 14 and 15:
THIS PAGE LEFT BLANK INTENTIONALLYD
Page 16 and 17:
equirements for encrypting the esse
Page 18 and 19:
• This document specifies a basel
Page 20 and 21:
DCI Digital Cinema System Specifica
Page 22 and 23:
2.1.1. Major System Concepts2.1.1.1
Page 24 and 25:
2.1.1.8. ReelsFeature films have be
Page 26 and 27:
Metadata within the DCDM provides a
Page 28 and 29:
3.2.1.6. Transfer FunctionThe CIE X
Page 30 and 31:
The information, as shown in Table
Page 32 and 33:
AES Pair#/Ch# Channel # Label / Nam
Page 34 and 35:
3.3.4. File Format3.3.4.1. GeneralT
Page 36 and 37:
3.4.3. Timed Text Concepts and Requ
Page 38 and 39:
Page 40 and 41:
• All decoders shall decode each
Page 42 and 43:
Page 44 and 45:
5.2.2.3. InteroperableThe Packaging
Page 46 and 47:
Figure 6: Example Show PlaylistThe
Page 48 and 49:
Length (Value Length), followed by
Page 50 and 51:
which it was stopped or paused. It
Page 52 and 53:
5.3.4.2. Frame BoundariesThe Audio
Page 54 and 55:
• Rating• Aspect Ratio• Image
Page 56 and 57:
• Annotation Text parameter (opti
Page 58 and 59:
Page 60 and 61:
7.2.3.1. ReliabilityA key part of t
Page 62 and 63:
• Country• Rating• Aspect Rat
Page 64 and 65:
facility, while the system is in op
Page 66 and 67:
Exhibitor and the Distributor, data
Page 68 and 69:
7.5.2.2. Ingest InterfacesExcept fo
Page 70 and 71:
(channels) * hours * 60 min/hour *
Page 72 and 73:
7.5.4.2.4. UnpackagingAny packaged
Page 74 and 75:
7.5.6. Audio System7.5.6.1. Introdu
Page 76 and 77:
made up of Theater System devices a
Page 78 and 79:
DCI Digital Cinema System Specifica
Page 80 and 81:
8.2.2.3. Alternative ContentThe pro
Page 82 and 83:
With the projector turned off or wi
Page 84 and 85:
Image ParametersNominal(Projected I
Page 86 and 87: Input Code Values Output Chromatici
Page 88 and 89: 8.4. Projector Interfaces8.4.1. Int
Page 90 and 91: • Lens Shift Up / Down• Lamp Mo
Page 92 and 93: • Essence Encryption and Cryptogr
Page 94 and 95: content keys and Trusted Device Lis
Page 96 and 97: Figure 14: Digital Cinema Security
Page 98 and 99: Figure 15 presents the two fundamen
Page 100 and 101: DCI Digital Cinema System Specifica
Page 102 and 103: 9.4.2.3. Media Blocks (MBs)The term
Page 104 and 105: which TLS-based authentication alon
Page 106 and 107: working with the security infrastru
Page 108 and 109: Figure 18: Show Playback Overview9.
Page 110 and 111: a. Playout shall be fully supported
Page 112 and 113: 9.4.5. Intra-Theater Communications
Page 114 and 115: 4. Projector SPB designs shall not
Page 116 and 117: the event, and zero all Critical Se
Page 118 and 119: window) shall be UTC.Security Manag
Page 120 and 121: . The SM shall independently authen
Page 122 and 123: 6. No broadcast RRP commands shall
Page 124 and 125: Functions of the Security Manager (
Page 126 and 127: Note: DCI reserves the right, at so
Page 128 and 129: • Is required to survive camcorde
Page 130 and 131: • Log Data - Security event infor
Page 132 and 133: using the GetEventList and GetEvent
Page 134 and 135: failure) per Section 9.6.1.3 Digita
Page 138 and 139: secure silicon chip, input/output s
Page 140 and 141: FIPS 140-2 level 3 devices provide
Page 142 and 143: to the appropriate Section 9.4.5.2.
Page 144 and 145: those under the control of the Secu
Page 146 and 147: Security Managers (SMs) other than
Page 148 and 149: The above RSA asymmetric protection
Page 150 and 151: THIS PAGE LEFT BLANK INTENTIONALLYD
Page 152 and 153: CPRL Acronym for Component Position
Page 154 and 155: LTCMain TitlesMBMDMEMetadataMTBFMXF
Page 156: TDLTimed TextTLMTLSTMSTrack FileUDP
show all

DCI Specs - Digital Cinema Initiatives

Create successful ePaper yourself

Delete template?

Save as template?