The Media Block is unique to digital cinema. It contains all of the necessary processing elements within a secure boundary to present picture and sound, as well as interface elements outside of the secure boundary.
The Media Block concept is illustrated below, followed by a discussion of each element.
Figure MB-1. The Media Block
Screen Management System (SMS). The Screen Management System provides the interface to the Media Block, both user-interface and machine-interface. The SMS also manages user-related properties, such as login functions.
Secure Processing Boundary (SPB). DCI specifies secure processing boundaries for security-related processes. For picture and sound processing, the SPB must meet US Federal Information Processing Standards (FIPS) 140-2 Level 3, as well as comply with DCI requirements. (The DCI Specification and Compliance Test Plan can be found at dcimovies.com. Per the specification, the SPB for picture and sound processing must be tamperproof, such that physical tampering will erase the keys.
Security Manager (SM). The element of the Media Block responsible for security data and security policies. It is a self-contained sub-system, having its own processor and secure operating system.
Media Decryptor. The media decryptor decrypts the encrypted essence of the Track File, using the Private Key of the Media Block.
Signal Processor. Picture processing includes JPEG 2000 decompression. Audio processing, in the case of immersive sound, may include a rendering engine.
Forensic Marker. Forensic marking capability is required of the media block by the DCI Specification, but its use is optional to content owners. The information in the forensic mark is defined by DCI, and includes location information and time of day.
Secure Clock. Not shown in the diagram, the secure clock is an important feature of the media block. The secure clock is tamper-proof and battery backed. It is the reference for evaluating the date/time validity period of the KDM, and for time stamping security logs.
When the Media Block concept was first introduced, it was envisioned that several types of media block could exist, such as separate media blocks for picture and sound. DCI, for example, frequently refers to the Image Media Block (IMB) in its specification. In practice, however, manufacturers prefer to process as many essence types as possible within a single media block. As a result, the IMB, as defined by DCI, is generally the only Media Block found in most digital cinema systems. Please note that the DCI IMB should not be confused with the marketing use of the IMB acronym for Integrated Media Block.
Content may be encrypted when entering the Media Block, but it may not be encrypted when leaving it. When a Media Block is installed internally to the projector (an Integrated Media Block), it undergoes a marriage process with the projector. If the marriage between such IMBs and projectors is tampered with to gain signal access to the unencrypted picture, it will trigger a tamperproof response within the Media Block. This behavior exists to secure the unencrypted picture signal.
The Media Block is a complex device, whose security behaviors are well-defined by DCI. Some processes described have been generalized for simplicity. As such, the description presented above provides only a high-level understanding of the Media Block’s operation and its several forms, and is by no means exhaustive. For a complete understanding of the Media Block, one should refer to the DCI Specification and the DCI Compliance Test Plan at dcimovies.com.