Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification Security Policy No: 010-103498-06 Rev: 1 REVISION # ECO # REVISION # ECO # 1 13-0904 2 13-1200 Title: Christie IMB-S2 4K Integrated Media Block (IMB) Security Policy Product(s): Christie IMB-S2 4K Integrated Media Block (IMB) Prepared by: Kevin Draper Prep’d Date: 08/02/2013 Last Updated: 03/07/2014 F0015 – Revision Non-Proprietary Security Policy Page 1 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification Detailed Revision History Revision Description of Changes Initial public release. 1 This document may only be reproduced in its entirety without revision including this statement. Copyright ©2013 Christie Digital Systems Canada Inc. F0015 – Revision Non-Proprietary Security Policy Page 2 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification Table of Contents 1. SCOPE .............................................................................................................................................................................5 1.1 REFERENCE DOCUMENTS ........................................................................................................................................5 2. PRODUCT OVERVIEW ...............................................................................................................................................5 2.1 VALIDATED MODULE VERSIONS .............................................................................................................................5 3. SECURITY LEVELS .....................................................................................................................................................5 4. CRYPTOGRAPHIC BOUNDARY...............................................................................................................................6 5. APPROVED ALGORITHMS .......................................................................................................................................8 6. NON-APPROVED ALGORITHMS .............................................................................................................................9 7. PORTS AND INTERFACES.........................................................................................................................................9 8. AUTHENTICATION ...................................................................................................................................................10 9. ROLES AND SERVICES ............................................................................................................................................12 9.1 CRYPTO OFFICER SERVICES ..................................................................................................................................12 9.2 USER SERVICES .....................................................................................................................................................14 9.3 PROJECTOR SERVICES ...........................................................................................................................................14 9.4 UNAUTHENICATED SERVICES ...............................................................................................................................14 10. CRITICAL SECURITY PARMETERS & PUBLIC KEYS ................................................................................15 10.1 CRITICAL SECURITY PARAMETERS (CSPS) ...........................................................................................................15 10.2 PUBLIC KEYS ........................................................................................................................................................16 11. PHYSICAL SECURITY ..........................................................................................................................................16 12. OPERATIONAL ENVIRONMENT ......................................................................................................................17 13. SELF-TESTS ............................................................................................................................................................18 14. MITIGATION OF OTHER ATTACKS ................................................................................................................18 15. SECURITY RULES .................................................................................................................................................19 16. ACRONYMS ............................................................................................................................................................20 Table of Figures Figure 1 Front view of Christie IMB-S2 ________________________________________________________ 6 Figure 2 Top View of Christie IMB-S2 _________________________________________________________ 7 F0015 – Revision Non-Proprietary Security Policy Page 3 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification Figure 3 Bottom View of Christie IMB-S2 _______________________________________________________ 8 List of Tables Table 1 Reference Documents ________________________________________________________________ 5 Table 2 FIPS 140-2 Security Levels ___________________________________________________________ 6 Table 3 Roles and Required Identification and Authentication _____________________________________ 10 Table 4 Strength of Authentication Mechanism __________________________________________________ 10 Table 5 Crypto Officer Services ______________________________________________________________ 13 Table 6 User Services______________________________________________________________________ 14 Table 7 Projector Services __________________________________________________________________ 14 Table 8 Unauthenticated Services ____________________________________________________________ 14 Table 9 Inspection/Testing of Physical Security Mechanisms ______________________________________ 17 Table 10 Mitigation of Other Attacks _________________________________________________________ 18 F0015 – Revision Non-Proprietary Security Policy Page 4 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification 1. SCOPE This document is the Cryptographic Module Security Policy for the Christie IMB-S2 4K Integrated Media Block (IMB) (also referred to herein as the Christie IMB-S2, the cryptographic module, or simply the module). This policy is a specification of the security rules under which the Christie IMB-S2 operates and meets the requirements of FIPS 140-2 Level 2. 1.1 REFERENCE DOCUMENTS Document No. Description FIPS PUB 140-2 Security Requirements For Cryptographic Modules [FIPS PUB 140-2] (http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf ) Table 1 Reference Documents 2. PRODUCT OVERVIEW The Christie IMB-S2 is a multi-chip embedded cryptographic module. It is a DCI-compliant integrated media block solution to enable the playback of the video, audio and timed text essence on a Christie “Solaria” Series 2 digital cinema projector (2K or 4K projector). The IMB-S2 enables playback of encrypted cinema content packaged as an industry standard Digital Cinema Package (DCP). The IMB-S2 supports playback of digital cinema content from a network attached storage (NAS) or direct attach storage (DAS) device. 2.1 VALIDATED MODULE VERSIONS The validated module consists of the following:  Hardware version: 000-102675-01  Firmware version: 1.0.1-2641, 1.0.3-3047, 1.1.0-3271, 1.2.0-3400, 1.2.1-3546, 1.3.0-3704, or 1.3.2- 3709 3. SECURITY LEVELS The IMB is tested to meet the FIPS security requirements shown in Table 2. FIPS 140-2 Security Requirements Security Level 1. Cryptographic Module Specification 3 2. Cryptographic Module Ports and Interfaces 2 F0015 – Revision Non-Proprietary Security Policy Page 5 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification 3. Roles, Services and Authentication 3 4. Finite State Model 2 5. Physical Security 3 6. Operational Environment N/A 7. Cryptographic Key Management 2 8. EMI/EMC 2 9. Self-Tests 2 10. Design Assurance 3 11. Mitigation of Other Attacks N/A FIPS Overall Level 2 Table 2 FIPS 140-2 Security Levels 4. CRYPTOGRAPHIC BOUNDARY The illustrations below indicate the cryptographic boundary and the physical ports defined on the boundary. Unlabelled connectors are not interfaces on the cryptographic boundary. Figure 1 Front view of Christie IMB-S2 F0015 – Revision Non-Proprietary Security Policy Page 6 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification 2 3 1 4 8 7 6 5 Figure 2 Top View of Christie IMB-S2 F0015 – Revision Non-Proprietary Security Policy Page 7 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification Figure 3 Bottom View of Christie IMB-S2 5. APPROVED ALGORITHMS The cryptographic module supports the following Approved algorithms:  Symmetric Key Encryption/Decryption o Advanced Encryption Standard (AES) – Cert #2043 [CBC Mode] o Advanced Encryption Standard (AES) – Cert #2042 [CBC/ECB Mode]  Asymmetric Key Signature Generation & Verification o RSA (2048 bits) – Cert #1062 F0015 – Revision Non-Proprietary Security Policy Page 8 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification  Secure Hash Standard (SHS) o SHA-1 – Cert #1789 o SHA-1 – Cert #1788 o SHA-256 – Cert #1788  Random Number Generators (RNG) o RNG – ANSI X9.31 – Cert #1066 and #1230 o RNG - FIPS 186-2 – Cert #1066  Message Authentication o HMAC-SHA-1 – Keyed-Hash Message Authentication Code – Cert #1242 o HMAC-SHA-1 – Keyed-Hash Message Authentication Code – Cert #1241  Key Derivation o CVL - SP 800-135 - Cert #97 6. NON-APPROVED ALGORITHMS The cryptographic module supports the following non-Approved algorithms:  Hardware RNG  MD5 (as used in TLS)  RSA Key unwrapping of KDMs allowed as a commercially available key establishment technique (key wrapping; key establishment methodology provides 112 bit of encryption strength)  TI ECDH – considered as non-security relevant data obfuscation (plaintext) and only used to interoperate with legacy equipment  TI S-box - considered as non-security relevant data obfuscation (plaintext) and only used to interoperate with legacy equipment 7. PORTS AND INTERFACES The following table maps the logical interfaces to the physical ports: Logical Interface Physical Ports Data Input Ethernet, PCIE Data Output Ethernet, PCIE, Audio, Video Control Input Ethernet, Projector I/O, PCIE, LPC, Reset (Manual), Reset (Automatic), Power Good F0015 – Revision Non-Proprietary Security Policy Page 9 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification Status Output Ethernet, Projector I/O, LPC, LEDs Power Power 8. AUTHENTICATION The Christie IMB-S2 shall support the following distinct operator roles: Crypto Officer, User and Projector. The Christie IMB-S2 does not support a Maintenance role. The cryptographic module shall enforce the separation of roles using identity-based operator identification. Role Type of Authentication Authentication Data Crypto Officer Identity-based operator authentication RSA Digital Signature Verification User Identity-based operator authentication ID and Password Projector Identity-based operator authentication RSA Digital Signature Verification Table 3 Roles and Required Identification and Authentication Authentication Mechanism Strength of Mechanism RSA Digital Signature Verification The authentication is based on RSA 2048 which provides an equivalent encryption strength of 112 bits. The probability that a random attempt will succeed or a false acceptance will occur is 1/2112 which is less than 1/1,000,000. There is a 1 second retry delay after each attempt which limits the number of attempts that can be launched per minute. The probability that a random attempt will successfully authenticate to the module within one minute is 60/2112 which is less than 1/100,000. ID and Password Verification The module accepts 63 possible characters and a minimum 6 characters for an authentication secret. The probability that a random attempt will succeed or a false acceptance will occur is 1/(63^6) which is less than 1/100,000,000. There is a 1 second retry delay after each attempt which limits the number of attempts that can be launched per minute. The probability that a random attempt will successfully authenticate to the module within one minute is 60/(63^6) which is less than 1/100,000. Table 4 Strength of Authentication Mechanism F0015 – Revision Non-Proprietary Security Policy Page 10 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification F0015 – Revision Non-Proprietary Security Policy Page 11 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification 9. ROLES AND SERVICES 9.1 CRYPTO OFFICER SERVICES Table 5 summarizes the services that are only available to the Crypto Officer role. Services Description CSP(s) and Key(s) Type(s) of Access Upgrade Update the firmware via Christie Root CA Key, Read RSA signature Certificate Chain, verification Christie Firmware Update Key Zeroization Zeroizes all sensitive AES Master Key, Write data including plaintext Device Private Key (SM CSPs Key), Device Private Key (Log Key), Content Description Keys, Content Integrity Keys (MIC key), TLS Pre- master secret, TLS Master Secret, TLS PRF Internal State, TLS AES Session Key, TLS HMAC Session Key, DRNG Seed (dt, v) and Seed Key (k), DRNG Internal State (X9.31), DRNG Seed Key (xKey), DRNG Internal State (FIPS 186-2), Marriage Password System Management System Management TLS Pre-master secret, Write functions for the module TLS Master Secret, TLS PRF Internal State, TLS AES Session Key, TLS HMAC Session Key, Marriage Password Crypto Officer Authenticate Crypto TLS Pre-master secret, Read Authentication Officer SMS Public Key TLS Master Secret, TLS Read, Write PRF Internal State, TLS F0015 – Revision Non-Proprietary Security Policy Page 12 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification AES Session Key, TLS HMAC Session Key, DRNG Seed (dt,v) and Seed Key (k), DRNG Internal State (X9.31), Device Public Key (SM Key) KDM Management Service for managing AES Master Key, Device Read KDM information Private Key (SM Key) Content Decryption Read, Write Keys, DRNG Seed Key (xKey) CPL Management Service for managing Device Private Key (SM Read CPL information Key) Encrypted Playback Service for decrypting AES Master Key, Read encrypted content Content Integrity Keys (MIC key), Content Decryption Keys, DRNG Seed Key (xKey), DRNG Internal State (FIPS 186- 2) Log Management Service for retrieving log Device Private Key (Log Read data (secure get status) Key), Device Public Key (Log Key) Atmos Management Service for managing TLS Master Secret, TLS Read, Write decryption keys on PRF Internal State, TLS Atmos server AES Session Key, TLS HMAC Session Key, DRNG Seed (dt,v) and Seed Key (k), DRNG Internal State (X9.31), Device Public Key (Log Key), Content Decryption Keys Table 5 Crypto Officer Services F0015 – Revision Non-Proprietary Security Policy Page 13 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification 9.2 USER SERVICES Table 6 summarizes the services that are only available to the User role. Services Description CSP(s) and Key(s) Type(s) of Access Suite Management Initiate, monitor and Marriage Password Read, Write manage projector suite Table 6 User Services 9.3 PROJECTOR SERVICES Table 7 summarizes the services that are only available to the projector role. Services Description CSP(s) and Key(s) Type(s) of Access Marriage Verification Verify projector marriage ICP Public Key Read Table 7 Projector Services 9.4 UNAUTHENICATED SERVICES Table 8 summarizes the unauthenticated services that are available. Services Description CSP(s) and Key(s) Type(s) of Access Power On Self-Tests Self-tests performed at N/A N/A Power On Status Status Output N/A N/A * ICP Status Monitor ICP status N/A N/A Table 8 Unauthenticated Services * Note that the unauthenticated service “ICP Status” is accessible by connecting to the cryptographic module through TI ECDH and TI S-box, the use of which is considered non-security relevant data obfuscation from FIPS 140-2 perspective as related to this cryptographic module; this does not provide any security relevant functions and is not used to protect sensitive unclassified data. The I/O therein is obfuscated to support interoperability with existing legacy equipment and is only used to set and retrieve non-security relevant items. Note that all said service is considered to be plaintext with respect to FIPS 140-2, and do not use the Approved security functions, disclose, modify, or substitute CSPs or otherwise affect the security of the module. F0015 – Revision Non-Proprietary Security Policy Page 14 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification 10. CRITICAL SECURITY PARMETERS & PUBLIC KEYS 10.1 CRITICAL SECURITY PARAMETERS (CSPS) # Name Description 1. AES Master Key AES 128 bits - used for key management. RSA 2048 – RSA private key that device uses to prove its 2. Device Private Key (SM Key) identity and facilitate secure Transport Layer Security (TLS) communications, and for key transport. 3. Device Private Key (Log Key) RSA 2048 - RSA private key used to sign log data. 4. Content Decryption Keys AES 128 CBC mode - AES keys that protect encrypted content. HMAC-SHA-1 (128-bit key) – content integrity key 5. Content Integrity Keys (MIC key) 6. TLS Pre-Master Secret Session specific TLS secret 7. TLS Master Secret Session specific TLS secret 8. TLS PRF Internal State Session specific TLS secret 9. TLS AES Session Key AES 128 CBC mode - AES encryption/decryption of TLS session data 10. TLS HMAC Session Key HMAC-SHA-1 (160-bit key) - HMAC integrity of TLS session data 11. DRNG Seed (dt, v) and Seed Key (k) X9.31 DRNG - seeding inputs in the Approved DRNG 12. DRNG Internal State (ANSI X9.31) X9.31 DRNG - intermediate state of the DRNG 13. DRNG Seed Key (xKey) FIPS 186-2 DRNG - seeding inputs in the Approved DRNG 14. DRNG Internal State (FIPS 186-2) FIPS 186-2 DRNG - intermediate state of the DRNG 15. Marriage Password User role authentication data; 6-32 characters password F0015 – Revision Non-Proprietary Security Policy Page 15 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification 10.2 PUBLIC KEYS # Name Description RSA 2048 – Christie Root CA key 1. Christie Root CA Key RSA 2048 – Christie Certificate Chain 2. Certificate Chain RSA 2048 – Christie firmware verification key 3. Christie Firmware Update Key 4. Device Public Key (SM Key) RSA 2048 - RSA public key that device uses to prove its identity and facilitate secure Transport Layer Security (TLS) communications, and for key transport. 5. Device Public Key (Log Key) RSA 2048 - RSA public key used to verify log signatures. RSA 2048 – TLS Client Public Key 6. SMS Public Key RSA 2048 – Identity of the projector 7. ICP Public Key RSA 2048 – Identity of the Dolby Atmos server 8. Atmos Public Key 11. PHYSICAL SECURITY The Christie IMB-S2 is a multi-chip embedded cryptographic module which is composed of production-grade components. The physical security mechanisms of the module includes a hard, opaque and tamper-evident metal enclosure that is monitored 24/7 by battery backed-up tamper detection and response mechanisms. Any attempt to remove the metal enclosure results in instantaneous active zeroization of all plaintext CSPs. Zeroization also occurs if the battery becomes discharged. The module includes tamper-evident labels covering the screws that secure the metal enclosure to the module; said tamper-evident labels are installed as part of the manufacturing process and shall not be removed (i.e. maintenance role is not supported, maintenance interface is not supported). The tamper-evident metal enclosure and the tamper-evident labels shall be periodically inspected to ensure the physical security of the module is maintained. F0015 – Revision Non-Proprietary Security Policy Page 16 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification All components which lie outside the metal enclosure are not security relevant and are excluded from the FIPS 140-2 requirements. The excluded components are the non-security relevant data input and data output, passive components (capacitors, resistors, inductors), voltage regulators, traces and signals routed to these components, the PCB lying outside the metal enclosure, connectors and the faceplate. Physical Security Recommended Inspection/Test Guidance Details Mechanism Frequency of Inspection/Test Metal enclosure Upon receipt of module Visually inspect metal enclosure for scratches, and as often as feasible. gouges, deformation and other signs of visible signs of tamper. Tamper Responsive N/A N/A Switches Tamper Evident Seals Upon receipt of module Visually inspect the tamper evident seals for and as often as feasible. scratches, gouges, deformation or other physical signs of tampering. Table 9 Inspection/Testing of Physical Security Mechanisms If any tampering of the module is observed or suspected, remove the module from service and return it to Christie Digital. 12. OPERATIONAL ENVIRONMENT The IMB operates in a limited operational environment that only allows the loading of trusted and validated firmware binary images through an authenticated service. Firmware binary images are signed by an RSA key which is part of the Christie certificate chain. The RSA signature verification algorithm has been validated (RSA Cert. #1062). F0015 – Revision Non-Proprietary Security Policy Page 17 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification 13. SELF-TESTS The module performs the following self-tests:  Power Up Self-Tests o Cryptographic algorithm tests:  ANSI X9.31 DRNG KAT  FIPS 186-2 DRNG KAT  AES 128 CBC Encrypt/Decrypt KAT  SHA-1 KAT  SHA-256 KAT  HMAC-SHA-1 KAT (using 160 bit HMAC key)  RSA 2048 Signature Generation (using SHA-1)/ RSA 2048 Signature Verification KAT  SHA-1 KAT  AES128 CBC Decrypt KAT  HMAC-SHA-1 KAT (using 160 bit HMAC key)  KDF 800 KAT o Firmware Integrity Test - EDC that meets requirements of AS09.24 o Critical Functions Tests:  RSA 2048 Encrypt/Decrypt KAT  Conditional Self-Tests o Continuous Random Number Generator (RNG) tests:  ANSI X9.31 RNG  FIPS 186-2 RNG  Hardware RNG o Firmware Load Test (RSA signature verification) 14. MITIGATION OF OTHER ATTACKS The cryptographic module does not mitigate any specific attacks beyond the scope of FIPS 140-2. Other Attacks Mitigation Mechanism Specific Limitations N/A N/A N/A Table 10 Mitigation of Other Attacks F0015 – Revision Non-Proprietary Security Policy Page 18 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification 15. SECURITY RULES The following specifies the security rules under which the cryptographic module shall operate:  The module does not support a bypass capability or a maintenance interface.  The module supports concurrent operators. However, the module does not support more than one operator per role. The operators may not switch roles without re-authenticating.  The operator must re-authenticate on each power-up event.  The module inhibits data output during an error state, zeroization, key generation and during the power- up self-tests.  The module shall enforce identity-based authentication.  The module does not provide feedback of authentication data.  The module does not support a non-FIPS mode of operation. The module only operates in an Approved mode of operation. The module is initialized for FIPS mode of operation from the factory.  The operator may verify that the module is running in an approved mode of operation by verifying the FIPS LED status (Note: the FIPS LED is in position #4): o Orange – module is running power-up self-tests o Green – module has successfully performed self-tests and is running in FIPS mode o Red – module has entered an error state; all cryptographic operations are inhibited.  An error state may be cleared by power-cycling the module.  The module provides logical separation between all the data input, control input, data output and status output interfaces.  The module protects all CSPs from unauthenticated disclosure and unauthorized modification. The module protects all public keys from unauthorized modification and unauthorized substitution.  The module does not support manual key entry. A manual key entry test is not implemented.  The module does not support split-knowledge processes.  The operator may perform on-demand power-on self-test by recycling power to the module.  The status output does not contain CSPs or sensitive data that if misused could lead to a compromise of the module. F0015 – Revision Non-Proprietary Security Policy Page 19 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification 16. ACRONYMS Acronym Definition AES Advanced Encryption Standard CSP Critical Security Parameter DAS Direct Attached Storage DCI Digital Cinema Initiatives, LLC DCP Digital Cinema Package DRNG Deterministic Random Number Generator EMC Electromagnetic Compatibility EMI Electromagnetic Interference FCC Federal Communications Commission FIPS Federal Information Processing Standards FPGA Field Programmable Gate Array HMAC Hashed Message Authentication Code ICP Integrated Cinema Processor IMB Image Media Block KAT Known Answer Test MAC Media Access Control NAS Network Attached Storage RSA Rivest-Shamir-Adleman SHA Secure Hash Algorithm TI Texas Instruments Incorporated TI ECDH Considered as non-security relevant data obfuscation (plaintext) and only used to interoperate with legacy equipment F0015 – Revision Non-Proprietary Security Policy Page 20 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification Security 03/07/2014 010-103498-06 - Rev 1 Policy Specification TI S-box Considered as non-security relevant data obfuscation (plaintext) and only used to interoperate with legacy equipment TLS Transport Layer Security F0015 – Revision Non-Proprietary Security Policy Page 21 of 21 2 Christie Digital Systems USA, Inc. Christie Digital Systems Canada Inc. Specification