DCI issued 7 new “errata” at the end of August, bringing the count of errata against version 1.2 of its Digital Cinema Systems Specification to 96. As we explain with every new “erratum” issued, many of the “corrections” may appear to be downright changes. However, DCI members have entered into hundreds of agreements that call for compliance with the current specification version number. It therefore becomes necessary for DCI to regularly augment the existing specification with “errata,” as opposed to issuing a complete new version. Having said this, please take note of our little warning at the end of this report.
The first of the new errata underscores the use of the digital cinema certificate as a device identifier, now requiring make, model, and serial number to be clearly marked on the exterior of the device. While a worthy concept, and one that will work well for IMBs, the new procedure doesn’t appear to fix the problem of identification when a media block is installed internally within a stand-alone server.
The second item turns a new page in interpreting the issuance of new standards. Where before, a change in a referenced standard was subject to review by DCI members, it is now automatically included in the specification unless specifically exempted.
The third erratum clarifies that the DeviceList of those KDMs targeted for IMBs that are integral to a projector does not have to be populated with meaningful data. Not sure what case drove this realization, but there it is.
The fourth item clarifies design conditions for “special auditorium situations” where multiple IMBs, in addition to multiple link encryptions, may be employed. It clearly defines some new rules for testing of equipment behavior under such use conditions.
The fifth item further describes dual certificate rules that are yet to be covered in the relevant SMPTE standard.
The sixth and seventh new errata, errata 95 and 96, perhaps the most significant in a long while, redefine how private keys are secured in secure devices, such as media blocks. Private keys are now to be permanently stored in secure silicon such that only a physical attack can alter the key. Of course, a physical attack will also destroy the key.
These last two errata fill the biggest hole yet found in the DCI spec. Up until now, devices could be designed whose public/private key pair could be changed by qualified technicians after installation. Some manufacturers encouraged the exploitation of this trick in certain cinemas where the security key management problem is particularly difficult. The added twist these cinemas must deal with is that it can be difficult to share the public key of a newly replaced device with content owners – a necessary step to minimize downtime. China is said to be one such example, where a government agency serves as the go-between for the sharing of public keys, delaying the process by as much as 30 days. The cinema is left with three options: 1) go dark for however long it takes to get the exchange of certificate information approved, 2) have registered spares on hand that can be deployed immediately, or 3) update the new device with the private/public key pair information of the device it is replacing. Option 3 is quite convenient, as it can get a cinema back on-screen within minutes of installing a replacement server, without the need to notify any other entity.
But the last option, of course, is a huge security hole. It says that equipment so designed – which would be all or nearly all secure products in digital cinema – can be given a new identity at will, if one has the right software. Taken to its extreme, all devices in the world could be programmed to accept the same KDM by giving them identical public/private key pairs. While this would certainly fix the security management problem (said with humor), it obviously isn’t what the writers of the DCI specification had in mind.
DCI’s errata will have no impact on equipment already sold, which adds up to some 83,000 systems now in operation around the world. They will have no impact on equipment recently approved as DCI compliant, and so they will have little or no impact on systems as digital cinema reaches the 100,000 installation mark. But one day, their impact will be felt. With regard to errata 95 and 96, and those cinemas that relied on the former hole in the specification, one can bet that manufacturers will be happy to sell them more spares for advance registration.
These errata are not the only changes DCI has in mind, however. Heads up to all: DCI has had a full-scale specification revision in progress for some time, and word is out that they’re close to releasing it, including an updated Compliance Test Plan. Hints have been dropped that the new specification could include new frame rates.