The [DRM key] arrives as an email zip attachment that then needs to be unzipped, saved onto a memory stick and uploaded onto the server.
Seriously? That's how we're delivering time-sensitive digital information? In 2012? Ugh, it makes my head spin.
Is there some reason that the projector can't be connected to the network directly, so the vendor can push the key straight to it without all the sneakernet nonsense?
Live by the sword, die by the sword. If you ask a bunch of hackers how to make a mission-critical application secure, one of the top answers is going to be 'air gap.' In economic terms, security has greater value (to the publishers) than the mild inconvenience of a few shows starting late.
The actual transmission of the key could be done over a custom channel, like a serial connection only used to read the drm key. It would be even more secure than using a usb stick.
The key is useless without the server and feature it is issued for. There is no need to secure the transmission of the key. Automated delivery over http(s) is starting to get more and more normal (most screen servers don't have such capabilities yet, so you will need a Theatre Management System or separate box which will receieve the key and deliver it to the server).
My point wasn't to make the transmission secure (since it would one be a 50 cm wire between two boxes in the projection room), but to isolate the screen server from the internet.
Even if the internet connected box gets hacked, they have no chance of accessing the screen server through the serial cable.
Honestly what I love about this fact is that if there's an email delay the movie doesn't play. And if someone learns how to set the clocks back, it no longer matters that it's time sensitive!
The servers have a secure clock which can only be adjusted 6 minutes each year. If it goes out of this limit you will need a special package or code from the manufacturer to adjust it back or in worst case you will have to change the mediablock.
I think the limiting factor is that (crazily enough) it's hard to get internet to a lot of the places that projectors are located. Internet seems ubiquitous to us in houses/apartments but it's apparently hard to get it when your theater is in the middle of a mall or in some old building.
I believe there's a push to start distributing the encrypted films over satellite but that has its own problems because now many theaters have to start negotiating "roof rights" with their landlords.
That makes no sense: they still have to get the file from email to copy it to an USB stick, and they have to do that just a few minutes before showing time. How could they do that without Internet access on premises?
I worked with the Tech crew in my high school theater department for a couple of years. There we explicitly removed network connectivity from from the sound/lighting computer to increase stability.
This is fairly standard. As mentioned down thread, an "air gap" is a huge safety measure for production computers. Lowers the likelihood of a virus infecting the machine, and if a botnet does get on there somehow, it still can't talk to C&C. You can't just have anti-virus running on your Watchout display machines or your SFX playback machine, that CPU load is awful. So we disconnect!
Plenty of theaters have no internet connection. Offices are usually somewhere else, there are not employees or patrons that would benefit internet access. So now they have to add an ISP with network wiring to every booth? Seems a silly waste of cost, plus leading to the inevitable "now we can remote disable your projector if we feel the need."
This is already happening. The company I work for deliver services that push both KDMs and DCPs (features, trailers advertisement) to Theatre Management Systems (TMS) and screen servers.
The [DRM key] arrives as an email zip attachment that then needs to be unzipped, saved onto a memory stick and uploaded onto the server.
Seriously? That's how we're delivering time-sensitive digital information? In 2012? Ugh, it makes my head spin.
Is there some reason that the projector can't be connected to the network directly, so the vendor can push the key straight to it without all the sneakernet nonsense?