Presumably the studio sends a master to Okko and then Okko transcodes it into various formats for streaming. Imagine an insider sets the transcoder to output 4K H.264 and then leaks the resulting file. It sounds like encryption won't help here.
They wouldn't send a DCP stream for transcoding. DCP stream can only be decoded by the media block inside the projector and the output physically goes to the projector chip. The system has safe guards against physical intrusion. If you open the projector, it wipes all the keys. The level of paranoia in that thing is insane.
They keys only get programmed by the studios at manufacture time, and there is no servicing of the parts in the decode chain. The whole module has to be replaced.
I actually worked on a media block design about 10 years ago.
Insane, the levels we'll go to in order to secure content from hitting someone's eyeballs and ears before ensuring money changed hands in the vague direction of the content creators at some point.
If you're protecting movies that each cost $300 million to produce and made $1 billion in box office takes (just checking the latest Avengers movie for that number), then spending $10 million on a copy protection scheme looks like it makes sense.
I watched some random YouTube videos on someone talking about digital cinema units, so this is all second hand half-remembered knowledge, so take it for what it's worth.
From what I recall, the security module has it's own battery backup, intrusion detection, etc. If the module detects tampering or it's battery goes flat, the keys are wiped.
There was some talk about that you can't keep "spare" security modules hanging around, they need to be installed in a projector periodically to recharge the onboard battery.
The media block has a small micro inside the controls the HSM. It runs on an internal back-up battery. If the unit is opened, or tampered with then it wipes all the keys. That module is FIPS certified against intrusion.
