A secure, scalable over-the-air DCP distribution system. Studios upload, Onyx chunks and double-encrypts, theatres receive and ingest — at any scale, with full chain-of-custody security.
Onyx Delivery is a proposed over-the-air DCP distribution platform designed to replace physical hard drive delivery as the primary mechanism for getting content from studios to theatres. The system is built around three principles: security, scalability, and simplicity for both the sending and receiving party.
Physical DCP delivery via hard drives is slow, expensive at scale, and creates logistical friction — particularly for wide releases where a single film must reach thousands of screens simultaneously. Onyx Delivery is designed to make that a software problem, not a shipping problem.
Note: Onyx Delivery is currently in concept phase. The architecture below represents design intent, not finalized technical documentation.
A studio uploads their DCP to the Onyx Delivery platform. The system breaks the DCP into 8 MB chunks, which become the atomic unit of transmission, verification, and retry logic throughout the system.
Each chunk is encrypted in two stages before it ever leaves Onyx infrastructure:
This means intercepted chunks are doubly useless: without both the master key (held only by authorized Onyx receiver hardware) and the studio-specific key (provisioned per-relationship), chunks cannot be reassembled into anything meaningful. This is in addition to the DCP's existing KDM encryption, which Onyx Delivery does not replace or interfere with.
Each participating theatre installs an Onyx Delivery Receiver — a dedicated hardware device that holds the cryptographic keys necessary to decrypt incoming content. The receiver:
Once the receiver has verified and reassembled the DCP, it is passed to the theatre's TMS for ingest through existing workflows. Onyx Delivery does not replace the TMS — it replaces the hard drive that would have arrived in the mail.
Onyx Delivery does not handle Key Delivery Messages. KDMs continue to flow through existing channels (email, KDM portals, etc.) as they do today. Delivery and authorization are intentionally kept as separate concerns.
| Layer | Key Holder | Scope |
|---|---|---|
| Master Key | All Onyx Receivers | Every receiver can decrypt this layer |
| Studio Key | Provisioned Receivers | Only receivers with this studio's key can decrypt |
| KDM | Theatre (existing) | Handled outside Onyx Delivery, unchanged |
The chunked architecture is inherently scalable. A studio delivering to 5,000 screens simultaneously is the same operation as delivering to 5 — the platform fans out chunk distribution to all receivers in parallel. Retry logic operates at the chunk level, so a failed transmission requires only the affected chunk to be resent, not the entire DCP.
Onyx Delivery is at concept stage. We are seeking feedback from exhibitors, studios, TMS manufacturers, and cybersecurity professionals familiar with content delivery infrastructure. If you have relevant expertise or interest, use the discussion below or contact us directly.
Technical Feedback
Share feedback, questions, or industry insights on Onyx Delivery.
Your name and organization will be displayed publicly with your comment.