Digital Cinema Initiatives

Specification Errata

Erratum | Spec 1.0 Page | Sections Affected | Description


80,96 9.4.1 Item (2) and Item (7). Both sections (which have to do with projector SPB requirements) incorrectly reference "9.7.3 Subtitle Encryption" rather than "9.5.2 Robustness".


81 9.4.1 For clarification, subtitle decryption is expected to be performed in the server or the Image Media Block. It is not expected that subtitle decryption will be performed in the projector post-Image Media Block or post-Link Decryptor Block. See also footnote 19.


52 Table 9 Incorrect Calculated Table Values - See Detail Here
NOTE: This has been revised in the next errata.


97 It is clarified that Section item (2) refers to an integrated IMB/Projector implementation (as opposed to an integrated IMB/server implementation) and should be considered part of item (4).


98 Section should clarify that in the case where the Projector and companion SPB are inseparable, a single Digital Cinema Certificate shall represent both the Projector and its companion SPB (Image Media Block or Link Decryptor Block). This change follows Erratum 10 - "single digital certificate per SPB" constraint in Section 9.5.1.


103 Table 15 Table 15 Category 1 "operational messages" of Section are not considered security messages. Therefore, following the requirements of Section #9, operational messages shall not use TCP port 1173. Operational messages shall follow other stated RRP requirements, and operate under TLS.


113 The 'no FM mark' state described in Section item 3a shall not be indicated by a default key, but shall be indicated by the 'ForensicMarkFlagList' element of the KDM. All other references to such default key in Section (or other sections as applicable) shall similarly accept the 'no FM mark' indicator as being this KDM element.


115 Item (9) of Section shall be replaced as follows: "The Image Media Block shall internally store at least twelve (12) months of typical log data accumulation for the auditorium in which it is installed, including log data collected from the associated remote SPBs."


120 Table 34 The "Log Messages/Log Management" class (Table 34) was designed to provide a record of log upload events. Since stored logs are not deleted from the SPB after uploads (but remain for twelve months), this record class is not required.


122 9.5.1 The first paragraph of Section 9.5.1 shall be changed to indicate that a) each SPB carry "exactly one" Digital Cinema certificate, and b) SEs contained within an SPB shall share this one certificate (with their roles appropriately noted as stated). Footnote 28 is no longer needed. In addition, the reference to RFC 2459 shall be changed to RFC 3280 (RFC 3280 obsoletes RFC 2459).


124 "Secure Silicon" (item (a) of the first bullet, Section) shall only be required to meet FIPS 140-2 level 3 row (area) five: "physical security requirements".


125 The reference in the last sentence of this section is incorrect and should be " - SPB Firmware Modifications".


127 Delete the second bullet point (Nr3). (FIPS processes are eased by separating FIPS roles and authentication from DCI device/operator roles and authentication. The former is addressed by vendors as part of FIPS documentation, the latter is addressed by the TLS authentication and AuthorityID requirements of Section 9.4.5).


127 Table 37 does not reflect the most current FIPS 140-2 table, and shall be considered informative (refer to FIPS 140-2 publications for the most current version of this table).


128 Section shall be re-titled "Critical Security Parameters and D-Cinema Security Parameters". Items #6 (forensic marking parameters) and #8 (log data/parameters) shall not be classified as FIPS 140-2 Critical Security Parameters (CSP), but shall be classified as "D-Cinema Security Parameters". Item #9 shall be replaced with: 'D-Cinema Security Parameters (DCSP) shall at all times be protected by a type 1 SPB perimeter (except where log data is extracted per Section)'.


128 The information requirements of bullet two shall include time/date and version number information associated with any firmware change, in addition to the authority figure. The requirements for FIPS Level 3 audit/recording of bullet four are encouraged but shall be optional.


129 9.5.4 For clarification, subtitle decryption is expected to be performed in the server or the Image Media Block. It is not expected that subtitle decryption will be performed in the projector post-Image Media Block or post-Link Decryptor Block. If subtitle decryption does not take place in the Image Media Block or server (such that subtitle decryption keys must be exported from the IMB and transported to the subtitle decryptor location), subtitle decryption keys shall be transported to the subtitle decryptor via the standard 'KeyLoad' Intra-Theater Message (ITM - see Section 9.4.5) operating under TLS.


130 9.5.6 The following sentence shall be appended to the end of the first bullet of Section 9.5.6: 'In particular, such firewall protection shall prevent (filter) communications to or from any port 1173, other than directly between security equipment within a single auditorium'.


135 9.7.6 Though intended to specify key generation requirements for both symmetric and asymmetric cryptographic needs, the stated RFC 3447 covers only the latter (RSA keys). Symmetric key generation shall be per ANSI X9.31.
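
Added example (not part of the DCI errata): a check of recorded network flows against the Section 9.5.6 sentence above, which allows port 1173 traffic only between security equipment within a single auditorium. The addresses, auditorium labels, inventory table and flow record layout are constructed assumptions; flow records alone cannot show whether a path was "direct", so only endpoint membership is tested.

```python
import ipaddress
from typing import NamedTuple, Optional

SECURITY_PORT = 1173  # port named in the Section 9.5.6 erratum

# Constructed inventory (assumption): security equipment address -> auditorium.
SECURITY_EQUIPMENT = {
    "10.1.1.10": "aud-1",  # e.g. Image Media Block
    "10.1.1.11": "aud-1",  # e.g. projector SPB
    "10.1.2.10": "aud-2",
}

class Flow(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

def auditorium_of(addr: str) -> Optional[str]:
    """Return the auditorium of a known security device, else None."""
    return SECURITY_EQUIPMENT.get(str(ipaddress.ip_address(addr)))

def violation(flow: Flow) -> Optional[str]:
    """Return why a flow breaks the port 1173 rule, or None if it complies."""
    if SECURITY_PORT not in (flow.sport, flow.dport):
        return None  # the rule only concerns traffic to or from port 1173
    src_aud, dst_aud = auditorium_of(flow.src), auditorium_of(flow.dst)
    if src_aud is None or dst_aud is None:
        outsider = flow.src if src_aud is None else flow.dst
        return f"{outsider} is not security equipment"
    if src_aud != dst_aud:
        return f"crosses auditoriums ({src_aud} -> {dst_aud})"
    return None

def audit(flows):
    """Return (flow, reason) for every flow the firewall should have filtered."""
    return [(f, why) for f in flows if (why := violation(f))]

# Constructed sample flow records.
SAMPLE_FLOWS = [
    Flow("10.1.1.10", 49152, "10.1.1.11", 1173),  # same auditorium: allowed
    Flow("10.1.1.10", 49153, "10.1.2.10", 1173),  # aud-1 to aud-2
    Flow("10.9.0.5", 50000, "10.1.1.11", 1173),   # non-SPB host to port 1173
    Flow("10.1.1.11", 1173, "10.9.0.5", 50000),   # from port 1173 to non-SPB host
    Flow("10.9.0.5", 50001, "10.1.1.10", 443),    # not port 1173: out of scope
]

if __name__ == "__main__":
    for flow, why in audit(SAMPLE_FLOWS):
        print(flow, "->", why)
```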

The DCI Digital Cinema System Specification Version 1.0 has been updated to version 1.1. Version 1.1 incorporates Erratum # 1 - # 148 into the body of its text. Version 1.0 and Erratum # 1 - # 148 are provided here for archival purposes.

Digital Cinema System Specification
July 20, 2005