DCI Specs - Digital Cinema Initiatives

More documents

Recommendations

Info

to the appropriate Section 9.4.5.2.4 Request-Response Pairs (RRP) category asspecified herein.• Image Media Blocks shall support compliance with standardized Extra-TheaterMessaging (ETM) specifications, in addition to the above compliance requirement forITMs.• The SM and Secure Processing Block systems shall meet the functionalrequirements as specified in Sections 9.4.3.5 Functions of the Security Manager(SM) and 9.4.3.6 Functional Requirements for Secure Processing Block Systems,respectively.• Compliance to SPB physical and logical requirements – Each SPB shall beevaluated against physical and logical requirements based on the SPB type perSection 9.5.2 Robustness and Physical Implementations, including FIPS 140-2requirements as applicable.Device vendors shall issue Digital Cinema certificates only to devices that comply with thisspecification. Such issuance enables the devices to become certified.A device that does not meet all of the above criteria shall not be installed in a DCI compliantDigital Cinema system. A device that does not continue to meet all the above criteria shallbe declared a Security Function Failure, and shall be taken out of service until repaired.9.5.6. Communications RobustnessThe following are required for the exhibition of content and security communications, andcommunications networks:• Theater networks shall protect security system(s) from the threat of external andinternal network-borne attacks by the use of appropriate firewalls. At a minimum,each auditorium shall have such firewall protection for any communicationsinterface(s) connecting to the intra-auditorium security network. In particular, suchfirewall protection shall prevent (filter) communications to or from any well-knownport 1173, other than directly between security equipment within a single auditorium.• Digital Cinema security messages and content shall not be carried over a wirelessnetwork, but shall be carried over wire or optical cables.• The portions of the network used to carry any security messages or content shall belogically or physically separated from any wireless network device. At a minimum, aproperly configured firewall shall separate the wired network that carries securitymessages or content from any wireless network operated at the same facility.• The network cabling or cabling trough should not be publicly accessible on thepremises.9.6. Security Features and Trust ManagementThis section describes the standardized Digital Cinema security operational features, and how“trust” is communicated and enforced to ensure security features are reliably executed. Asecurity policy is what results once the variables that develop, from the overall security systemdesign and implementation, are constrained according to desired operational characteristics. Anopen architecture security system should not dictate any specific policy, but enable stakeholdersto agree on one more policies that support business needs. Once policy has been decided, itcan be described operationally as the security feature set.DCI Digital Cinema System Specification v.1.2 Page 142
9.6.1. Digital Rights ManagementThis section identifies various features and functions that describe the operation of thesecurity system. For each auditorium equipment suite, the security system consists of threetypes of components involved in Digital Rights Management (DRM):1) The Screen Management System (SMS)2) The Security Manager (SM)3) The associated security equipment (e.g., Media Block, Link Decryption Block)The last two components have access to, and process, Digital Cinema security information(secrets), such as content keys or plain text content. They are the primary subject of thesesecurity specifications. The Screen Management System does not have access to suchsecrets. But because the Screen Management System initiates security-related activity, it isconsidered a participant in security events.The basic business philosophy is to “control lightly, audit tightly.” Per this philosophy, amovie will fail to playback only under four circumstances:1) Wrong location ) (see Table 21: Examples of Security Manager Events)2) Wrong date and time (outside the engagement window) (see Table 21: Examples ofSecurity Manager Events)3) Unauthorized device (equipment is not accepted by the content owner) (see Table21: Examples of Security Manager Events)4) Failure of, or tampering, with security equipment (see Table 22: Examples of Failureor Tampering of Security Equipment)Compliance to security system logging requirements ensures that all events having securityimplications will generate associated log records that are stored in the Image Media Block.These log records can be accessed by the exhibitor’s Screen Management System, andreports can be provided to appropriate distributors under contractual obligations.All three types of security system components (Screen Management System, SecurityManager, security equipment) have defined roles and responsibilities (e.g., to perform theirsecurity functions and generate log records), and overall security depends upon their properoperation. The descriptions below detail the three types of security system components.Included in the Security Manager and security equipment description are tables showingpossible security system operational scenarios and how the system responds to a particularissue.The tables are also designed to be informative to parties interested in understandingbusiness issues in relation to the Digital Cinema security system. It shows that the securitysystem’s reach is limited to only those areas necessary for ensuring persistent protection ofcontent and security data (keys), enabling content to play within a designated time window,and the provisioning of reliable log data (see Table 21: Examples of Security ManagerEvents and Table 22: Examples of Failure or Tampering of Security Equipment).9.6.1.1. Digital Rights Management: Screen Management SystemThe Screen Management System is responsible for managing Exhibition functions suchas showtime movie playback, and is under the control of the Exhibitor. The ScreenManagement System manages playback functions via the Security Manager, howeverthe Security Manager is at all times in control of and responsible for security functionsand events. The full compliment of Exhibition operational events therefore consists ofDCI Digital Cinema System Specification v.1.2 Page 143
Page 1 and 2:
Digital Cinema Initiatives, LLCDigi
Page 3 and 4:
Table of Contents1. OVERVIEW 151.1.
Page 5 and 6:
5.2.2. Packaging Fundamental Requir
Page 8 and 9:
7.5.5.1. Introduction..............
Page 10 and 11:
9.4.2.5. Screen Management System (
Page 12 and 13:
Table of FiguresFigure 1: System Ov
Page 14 and 15:
THIS PAGE LEFT BLANK INTENTIONALLYD
Page 16 and 17:
equirements for encrypting the esse
Page 18 and 19:
• This document specifies a basel
Page 20 and 21:
DCI Digital Cinema System Specifica
Page 22 and 23:
2.1.1. Major System Concepts2.1.1.1
Page 24 and 25:
2.1.1.8. ReelsFeature films have be
Page 26 and 27:
Metadata within the DCDM provides a
Page 28 and 29:
3.2.1.6. Transfer FunctionThe CIE X
Page 30 and 31:
The information, as shown in Table
Page 32 and 33:
AES Pair#/Ch# Channel # Label / Nam
Page 34 and 35:
3.3.4. File Format3.3.4.1. GeneralT
Page 36 and 37:
3.4.3. Timed Text Concepts and Requ
Page 38 and 39:
Page 40 and 41:
• All decoders shall decode each
Page 42 and 43:
Page 44 and 45:
5.2.2.3. InteroperableThe Packaging
Page 46 and 47:
Figure 6: Example Show PlaylistThe
Page 48 and 49:
Length (Value Length), followed by
Page 50 and 51:
which it was stopped or paused. It
Page 52 and 53:
5.3.4.2. Frame BoundariesThe Audio
Page 54 and 55:
• Rating• Aspect Ratio• Image
Page 56 and 57:
• Annotation Text parameter (opti
Page 58 and 59:
Page 60 and 61:
7.2.3.1. ReliabilityA key part of t
Page 62 and 63:
• Country• Rating• Aspect Rat
Page 64 and 65:
facility, while the system is in op
Page 66 and 67:
Exhibitor and the Distributor, data
Page 68 and 69:
7.5.2.2. Ingest InterfacesExcept fo
Page 70 and 71:
(channels) * hours * 60 min/hour *
Page 72 and 73:
7.5.4.2.4. UnpackagingAny packaged
Page 74 and 75:
7.5.6. Audio System7.5.6.1. Introdu
Page 76 and 77:
made up of Theater System devices a
Page 78 and 79:
DCI Digital Cinema System Specifica
Page 80 and 81:
8.2.2.3. Alternative ContentThe pro
Page 82 and 83:
With the projector turned off or wi
Page 84 and 85:
Image ParametersNominal(Projected I
Page 86 and 87:
Input Code Values Output Chromatici
Page 88 and 89:
8.4. Projector Interfaces8.4.1. Int
Page 90 and 91:
• Lens Shift Up / Down• Lamp Mo
Page 92 and 93: • Essence Encryption and Cryptogr
Page 94 and 95: content keys and Trusted Device Lis
Page 96 and 97: Figure 14: Digital Cinema Security
Page 98 and 99: Figure 15 presents the two fundamen
Page 100 and 101: DCI Digital Cinema System Specifica
Page 102 and 103: 9.4.2.3. Media Blocks (MBs)The term
Page 104 and 105: which TLS-based authentication alon
Page 106 and 107: working with the security infrastru
Page 108 and 109: Figure 18: Show Playback Overview9.
Page 110 and 111: a. Playout shall be fully supported
Page 112 and 113: 9.4.5. Intra-Theater Communications
Page 114 and 115: 4. Projector SPB designs shall not
Page 116 and 117: the event, and zero all Critical Se
Page 118 and 119: window) shall be UTC.Security Manag
Page 120 and 121: . The SM shall independently authen
Page 122 and 123: 6. No broadcast RRP commands shall
Page 124 and 125: Functions of the Security Manager (
Page 126 and 127: Note: DCI reserves the right, at so
Page 128 and 129: • Is required to survive camcorde
Page 130 and 131: • Log Data - Security event infor
Page 132 and 133: using the GetEventList and GetEvent
Page 134 and 135: failure) per Section 9.6.1.3 Digita
Page 136 and 137: • Secure Silicon -Sensitive data
Page 138 and 139: secure silicon chip, input/output s
Page 140 and 141: FIPS 140-2 level 3 devices provide
Page 144 and 145: those under the control of the Secu
Page 146 and 147: Security Managers (SMs) other than
Page 148 and 149: The above RSA asymmetric protection
Page 150 and 151: THIS PAGE LEFT BLANK INTENTIONALLYD
Page 152 and 153: CPRL Acronym for Component Position
Page 154 and 155: LTCMain TitlesMBMDMEMetadataMTBFMXF
Page 156: TDLTimed TextTLMTLSTMSTrack FileUDP
show all

DCI Specs - Digital Cinema Initiatives

Create successful ePaper yourself

Delete template?

Save as template?