The Digital Cinema Security Log documents the usage and behavior of a digital cinema system. It supports the logging of both secure and non-secure information by accomodating authenticated as well as non-authenticated log records.
Each record of the Security Log consists of a Header, Body, and optional Signature sections. The log record signature provides authentication of the log record header, or optionally, authentication over a number of log records recorded in a sequence. A sequence is created using a system of shared hashes and digital signature, such that the integrity of the sequence can be readily validated. The sequence structure allows for the filtering (removal) of a log record while preserving the fact of the record’s existence.
Security logs are shared with business partners for numerous reasons, including the establishment of trust. As a log may contain business information that pertains to multiple business partners, the ability to remove sensitive information when sharing is an important structural feature of the Security Log.
Security Logs are generated within a Secure Processing Boundary (see Media Block) for purposes of integrity. It is desireable that one log records all events of a digital cinema system. Where a Media Block is connected to other “remote” secure devices, such as a projector (separare from the Media Block), provision is made for the communication of log data over a TLS link to the Media Block for its logging activity. (See SMPTE 430-6 Auditorium Security Message for Intra-Theater Communications.)
Several record classes are supported, comprised of:
- Security Events
- Operational Events
- Health / Status events
- Maintenance Events
- Debugging Events
Detailed information about the Security Log is available in SMPTE ST 430-4 Log Record Format Specification and SMPTE ST 430-5 Security Log Event Class and Constraints.