DCI Specs - Digital Cinema Initiatives

More documents

Recommendations

Info

secure silicon chip, input/output signals to the chip, and signals goingbetween the SPBs is not possible without causing permanent and easilyvisible damage to either or both of the SPBs.• Projector SPB access doors or panels shall be lockable using pick-resistantmechanical locks employing physical or logical keys, or shall be protectedwith tamper-evident seals (e.g., evidence tape or holographic seals). Inaddition, protection from external probing of security-sensitive signals (i.e.,image essence and the silicon chip input/output signals) shall be provided byassuring barriers exist to prevent access to such signals via ventilation holesor other openings.The FIPS references of only this section establish technical and robustness thresholdsfor selected aspects of projector SPB implementations. The requirements to follow FIPS140-2 guidelines do not require FIPS certification or strict FIPS 140-2 documentation orevaluation criteria be undertaken.In summary, a tamper detecting/responding secure silicon chip provides protection forCSPs. Protection for image essence (and the silicon chip) is provided by the projector’sSPB’ physical perimeter. An SPB type 2 intrusion detection/response is minimallyprovided by the access door open detection, and Exhibition visual inspection is reliedupon to detect physical abuse that might allow compromise of, or access to, decryptedimage essence.9.5.2.5. FIPS 140-2 Requirements for Type 1 Secure Processing BlocksRobustness requirements for Digital Cinema Secure Processing Blocks (SPBs) shallfollow the guidelines of the Federal Information Processing Standards [FIPS PUB 140-2] 28 . A summary of these requirements is shown in the table below.FIPS 140-2 specifies eleven areas for evaluation against a rating, which shall beperformed by US government recognized independent laboratories.All SPB type 1 shall meet and be certified for the requirements of FIPS 140-2 Level 3 inall areas except those subject to the following exceptions or additional notes (the Nrindicators refer to the table items by row):• Nr 2 – Logical data port separation requirements shall be supported by theuse of Transport Layer Security (TLS) protection on well known port 1173 asdefined in Section 9.4.5.2.3 General RRP Requirements.• Nr 6 – The software operating environment of Secure Processing Blocks(SPBs) shall be restricted to the Limited Operational Environment. Thiseliminates the requirements for Common Criteria (CC) and EvaluationAssurance Level (EAL) testing, and any additional FIPS140-2-specificlogging/audit processes other than those specified in Section 9.5.2.7 SPBFirmware Modifications for firmware modifications.• Nr 7 – Section 9.7 Essence Encryption and Cryptography of these DigitalCinema requirements shall supersede any conflicts with Nr 7.• Nr 8 – Secure Processing Blocks (SPBs) shall only be required to meetSecurity Level 2 business use A FCC class requirements.28 Readers unfamiliar with [FIPS PUB 140-2] will need to refer to the standards text to fully understand the table andexceptions.DCI Digital Cinema System Specification v.1.2 Page 138
• Nr 10 – Design Assurance requirements may meet Security Level 2requirements.• Nr 1 and Nr 11 – Vendor-specified Security Policy specifications shall be inalignment with and fully support the requirements of this Digital Cinemaspecification, in addition to vendor-specific policies.Nr Section Security Level 1 Security Level 2 Security Level 3 Security Level 41 CryptographicModuleSpecification2 CryptographicModule PortsAnd Interfaces3 Roles, ServicesAndAuthentication4 Finite StateModel5 PhysicalSecurity6 OperationalEnvironment7 CryptographicKeyManagementSpecification of cryptographic module, cryptographic boundary, Approved algorithms,and Approved modes of operation. Description of cryptographic module, including allhardware, software, and firmware components. Statement of module security policy.Required and optional interfaces.Specification of all interfaces and of allinput and output data paths.Logical separationof required andoptional roles andservices.Role-based oridentity-basedoperatorauthentication.Data ports for unprotected criticalsecurity parameters logically separatedfrom other data ports.Identity-based operator authentication.Specification of finite state model. Required states and optional states. State transitiondiagram and specification of state transitions.Production grade Locks or tamper Tamper detection Tamper detect &equipment. evidence.and response for response. EFPSingle operator.Executable code.Approved integritytechnique.Referenced PPsevaluated at EAL2with discretionaryaccess controlmechanisms andauditing.covers and doors.Referenced PPsplus trusted pathevaluated at EAL3plus security policymodeling.and EFT.Referenced PPsplus trusted pathevaluated atEAL4.Key management mechanisms: random number and key generation, keyestablishment, key distribution, key entry/output, key storage, & key zeroization.Secret and private keys established usingmanual methods may be entered oroutput in plaintext form.8 EMI/EMC 47 CFR FCC Part 15. Subpart B, Class A(Business use). Applicable FCCrequirements (for radio).9 Self-Tests Power-up tests: cryptographic algorithmtests, software/firmware integrity tests,10 DesignAssurance-- Mitigation ofOther Attackscritical functions tests. Conditional tests.Configuration CM system.management Secure distribution.(CM). Secure Functionalinstallation and specification.generation. Designand policycorrespondence.Guidancedocuments.Secret and private keys establishedusing manual methods shall be enteredor output encrypted or with splitknowledge procedures.47 CFR FCC Part 15. Subpart B, ClassB (Home use).Statistical RNGtests. Callable ondemandHigh-levellanguageimplementation.Statistical RNGtests performed atpower-up.Formal model.Detailedexplanations(informal proofs).Pre/postconditions.Specification of mitigation of attacks for which no testable requirements are currentlyavailable.Table 20: Summary of FIPS 140-2 Security Requirements 29Table 20 does not reflect the most current FIPS 140-2 table, and shall be considered informative(refer to FIPS 140-2 publications for the most current version of this table).29 From Section 4 of [FIPS PUB 140-2]DCI Digital Cinema System Specification v.1.2 Page 139
Page 1 and 2:
Digital Cinema Initiatives, LLCDigi
Page 3 and 4:
Table of Contents1. OVERVIEW 151.1.
Page 5 and 6:
5.2.2. Packaging Fundamental Requir
Page 8 and 9:
7.5.5.1. Introduction..............
Page 10 and 11:
9.4.2.5. Screen Management System (
Page 12 and 13:
Table of FiguresFigure 1: System Ov
Page 14 and 15:
THIS PAGE LEFT BLANK INTENTIONALLYD
Page 16 and 17:
equirements for encrypting the esse
Page 18 and 19:
• This document specifies a basel
Page 20 and 21:
DCI Digital Cinema System Specifica
Page 22 and 23:
2.1.1. Major System Concepts2.1.1.1
Page 24 and 25:
2.1.1.8. ReelsFeature films have be
Page 26 and 27:
Metadata within the DCDM provides a
Page 28 and 29:
3.2.1.6. Transfer FunctionThe CIE X
Page 30 and 31:
The information, as shown in Table
Page 32 and 33:
AES Pair#/Ch# Channel # Label / Nam
Page 34 and 35:
3.3.4. File Format3.3.4.1. GeneralT
Page 36 and 37:
3.4.3. Timed Text Concepts and Requ
Page 38 and 39:
Page 40 and 41:
• All decoders shall decode each
Page 42 and 43:
Page 44 and 45:
5.2.2.3. InteroperableThe Packaging
Page 46 and 47:
Figure 6: Example Show PlaylistThe
Page 48 and 49:
Length (Value Length), followed by
Page 50 and 51:
which it was stopped or paused. It
Page 52 and 53:
5.3.4.2. Frame BoundariesThe Audio
Page 54 and 55:
• Rating• Aspect Ratio• Image
Page 56 and 57:
• Annotation Text parameter (opti
Page 58 and 59:
Page 60 and 61:
7.2.3.1. ReliabilityA key part of t
Page 62 and 63:
• Country• Rating• Aspect Rat
Page 64 and 65:
facility, while the system is in op
Page 66 and 67:
Exhibitor and the Distributor, data
Page 68 and 69:
7.5.2.2. Ingest InterfacesExcept fo
Page 70 and 71:
(channels) * hours * 60 min/hour *
Page 72 and 73:
7.5.4.2.4. UnpackagingAny packaged
Page 74 and 75:
7.5.6. Audio System7.5.6.1. Introdu
Page 76 and 77:
made up of Theater System devices a
Page 78 and 79:
DCI Digital Cinema System Specifica
Page 80 and 81:
8.2.2.3. Alternative ContentThe pro
Page 82 and 83:
With the projector turned off or wi
Page 84 and 85:
Image ParametersNominal(Projected I
Page 86 and 87:
Input Code Values Output Chromatici
Page 88 and 89: 8.4. Projector Interfaces8.4.1. Int
Page 90 and 91: • Lens Shift Up / Down• Lamp Mo
Page 92 and 93: • Essence Encryption and Cryptogr
Page 94 and 95: content keys and Trusted Device Lis
Page 96 and 97: Figure 14: Digital Cinema Security
Page 98 and 99: Figure 15 presents the two fundamen
Page 100 and 101: DCI Digital Cinema System Specifica
Page 102 and 103: 9.4.2.3. Media Blocks (MBs)The term
Page 104 and 105: which TLS-based authentication alon
Page 106 and 107: working with the security infrastru
Page 108 and 109: Figure 18: Show Playback Overview9.
Page 110 and 111: a. Playout shall be fully supported
Page 112 and 113: 9.4.5. Intra-Theater Communications
Page 114 and 115: 4. Projector SPB designs shall not
Page 116 and 117: the event, and zero all Critical Se
Page 118 and 119: window) shall be UTC.Security Manag
Page 120 and 121: . The SM shall independently authen
Page 122 and 123: 6. No broadcast RRP commands shall
Page 124 and 125: Functions of the Security Manager (
Page 126 and 127: Note: DCI reserves the right, at so
Page 128 and 129: • Is required to survive camcorde
Page 130 and 131: • Log Data - Security event infor
Page 132 and 133: using the GetEventList and GetEvent
Page 134 and 135: failure) per Section 9.6.1.3 Digita
Page 136 and 137: • Secure Silicon -Sensitive data
Page 140 and 141: FIPS 140-2 level 3 devices provide
Page 142 and 143: to the appropriate Section 9.4.5.2.
Page 144 and 145: those under the control of the Secu
Page 146 and 147: Security Managers (SMs) other than
Page 148 and 149: The above RSA asymmetric protection
Page 150 and 151: THIS PAGE LEFT BLANK INTENTIONALLYD
Page 152 and 153: CPRL Acronym for Component Position
Page 154 and 155: LTCMain TitlesMBMDMEMetadataMTBFMXF
Page 156: TDLTimed TextTLMTLSTMSTrack FileUDP
show all

DCI Specs - Digital Cinema Initiatives

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?