Digital Cinema Initiatives

The DCI Digital Cinema System Specification Version 1.0 has been updated to version 1.1. Version 1.1 incorporates Erratum # 1 - # 148 into the body of its text. Version 1.0 and Erratum # 1 - # 148 are provided here for archival purposes.

Digital Cinema System Specification
V1.0
July 20, 2005

DCI_Digital_Cinema_System_Spec_v1.pdf

ARCHIVE ERRATA - SPECIFICATION VERSION 1.0


ERRATA POSTING FOR SPECIFICATION VERSION 1.0
Erratum Spec 1.0 Page Sections Affected Description

133

86-87 Section 9.4.3.1 (The requirements given in the two bulleted paragraphs of text in this section are given in Section 9.4.5.2.3 and are therefore redundant.) The two bulleted paragraphs of text in this section are deleted.

134

88 Section
9.4.3.2 		In the second bullet, the text "one or more Key Delivery Message(s) (KDMs)" is replaced with the text "a Key Delivery Message (KDM)"

135

92 Section
9.4.3.5 		The existing text of Item 2. is deleted and replaced with the following text:

"Security Manager (SM) KDM usage policy is specified as follows:

a. Playout shall be fully supported by a single KDM, inclusive of all required essence keys and playout time window (i.e., a playout shall not occur that requires the combination of two or more KDMs).
b. For any given composition, playout shall be enabled for any start time that is within the KDM's time window.
c. To avoid end of engagement issues, a show time's playout may extend beyond the end of the KDM's playout time window, if started within the KDM playout time window, by a maximum of six (6) hours.
d. Excepting the requirements of (b), the SM shall delete any KDM and associated keys for which the playback time window has expired (passed)."

136

 93 Section
9.4.3.5 		The existing text of Item 9. (b) is deleted and replaced with the following text:

"Usage validity periods of six (6) hours for remote SPBs (in line with the rule of item 2 (c) above)."

137

 93 Section
9.4.3.5 		The existing text of Item 10. (b) is deleted and replaced with the following text:

"Transferring LE keys only to an authenticated and trusted (7) Link Decryptor Security Entity (SE) function."

138

 94 Section
9.4.3.5 		The existing text of Item 16. is deleted and replaced with the following text:

"Support suite playback enablement (authentication followed by keying) such that no more than one of each type of SE is enabled (i.e., one LD Block, one Image MD, one audio MD), except for content owner-approved special auditorium situations employing the use of multiple Link Encryption operations. SMs shall support the authentication and keying of multiple Link Encryption operation per the requirements of Section 9.4.4.1 Multiple Link Encryption Operation."

139

94 Section
9.4.3.5 		Item 19. is deleted.

140

96 Section
9.4.3.6.2 		The last sentence of Item 10. is deleted.

141

97 Section
9.4.3.6.2		 A new Section 9.4.3.6.2.1 is added between Section 9.4.3.6.2. and Section 9.4.3.6.3 with the following text:

9.4.3.6.2.1 Normative Requirements for LD/LE SPB Devices

The following requirements are normative where a special purpose SPB that performs link decryption followed by link encryption is used (see Section 9.4.4.1):

1. Within the LD/LE Device's type 1 SPB perimeter, perform link decryption followed by link encryption at the image essence input and output ports.
2. Respond to the Security Manager's (SM's) initiatives in establishing a Transport Layer Security (TLS) session and SPB device authentication. Maintain this session until commanded to terminate.
3. LD/LE SPB Devices shall not establish security communications with more than one SM at a time.
4. LD/LE SPB Devices shall contain a UTC time reference clock that is battery backed and operative for time stamping log events under powered and un-powered conditions. The SPB shall communicate time information with the SM using standardized Intra-Theater Messaging.
5. Respond to SM "status” queries, and other Intra-Theater Messages (ITMs) and SM commands as necessary to support SM behavior requirements.
6. Accept and store LD/LE keys, and associated parameters, provided by the SM. The SPB shall have the capacity to store at least 16 key/parameter sets.
7. Purge LD/LE keys upon expiration of the SM designated validity period, SM "purge" command, SPB tamper detection, or change in TLS network parameters suggestive of an attack or equipment substitution.
8. Record security event data for logging under both powered and un-powered conditions. Sign and assemble logged information into standardized log records per Section 9.4.6.3.
9. Monitor LD/LE SPB Device physical security protection integrity 24/7. In the event of intrusion or other tamper detection, terminate all activity, log the event, and zero all Critical Security Parameters (see Section 9.5.2.6). Do not purge log records.

142

98 Section
9.4.3.6.4 		The last sentence of Item 9. is deleted.

143

100 Section
9.4.4 		A new Section 9.4.4.1 is added after Section 9.4.4 and before Section 9.4.5 with the following text:

9.4.4.1 Multiple Link Encryption Operation

Content owners may approve the use of multiple Link Encryption stages within a single auditorium for accommodating special auditorium situations. Special auditorium situations are recognized as changes to Auditorium 2 of Figure 16 such as: (i) the insertion of a single image processor between Image Media Block and a LDB/projection system; (ii) the use of multiple LDB/projection systems with a single server/IMB.

Multiple Link Encryption operation shall follow all normal (single) Link Encryption requirements of this section, with the following additional requirements:

a.

SM behavior shall be designed to identify a special auditorium situation during the auditorium security network TLS session establishment. The digital certificate exchange with remote SPBs will return the associated certificate roles for each SPB in the auditorium (i.e., LD/LE SPB device or more than a single LDB/projector).

b. The SM shall independently authenticate each remote SPB using a dedicated TLS session.
c. SMs shall enable multiple Link Encryption operation only when the SM receives a KDM whose TDL contains only the identities of the remote SPBs identified during TLS authentication. This matching is an indication to the SM that the multiple Link Encryption operation has been approved by the content owner.
d. The image processor (LD/LE) device shall be protected by a type 1 SPB. This SPB shall meet the requirements of Section 9.4.3.6.2.1 Normative Requirements for LD/LE SPB Devices.

e. The SM shall independently key each remote SPB for Link Encryption operation using standardized Intra-Theater security Messaging per Section 9.4.5.
f. The SM shall not support the use of more than one image processor SPB for any LDB/projector system.
g. The two Link Encryption stages of the image processor configuration may use the same LE key(s). The SM shall key the multiple LDB/projector configuration using different LE keys for each LDB/projector system.

144

102 Section
9.4.5.2.3 		In Item 1., a period is placed at the end of the first line of text, so the sentence reads:

"1. Only the SMS or SM shall set up Transport Layer Security (TLS) sessions."

145

102 Section
9.4.5.2.3

Erratum #6 is withdrawn and replaced with this erratum, which is more exact:

The existing text of Item 9. is deleted and replaced with the following text:

" Standardized security messages (Category 2 messages of Table 15) shall use, and have exclusive use of, well-known port 1173 (which has been reserved for SMPTE digital cinema use by the Internet Assigned Numbers Authority [IANA]). Operational messages (Category 1 messages of Table 15) shall not use TCP port 1173, but shall operate under TLS."

146

114 Section
9.4.6.2 		The existing text of Item 5. (which starts "In the event that valid overlapping KDMs exist…") is deleted and replaced with the following text:

"[This item left blank intentionally.]"

147

114 Section
9.4.6.2 		The existing text of Item 7. (which starts "The SM and FM Security Entities shall...&) is deleted and replaced with the following text:

"The SM and FM Security Entities shall log the presence or absence of audio and image Forensic Marking for each encrypted DCP."

148

114 Section
9.4.6.2 		A new Item 8. is added with the following text:

"8. If audio Forensic Marking is enabled, all sixteen audio channels shall be forensically marked."

© 2008 Digital Cinema Initiatives, LLC

If you have any technical difficulty with this site please contact:
webmaster@dcimovies.com
 
site design hosting and services