In the first version of LTE (release 8), only unicast (one to one) IP data was supported. Release 9 introduced optional support of eMBMS (evolved Multimedia Broadcast Multicast Service) that is capable of providing support of multicast and broadcast (one to many) to LTE networks. eMBMS is also capable of supporting multimedia streaming applications as well as file download.
As in all multicast system, the goal is to save bandwidth. For example, if 10 users request the same streamed video program, with unicast the data will be sent 10 times. However with eMBMS, the data will be sent only once. The same applies to the downloading of a file. For example, with a major OS update requiring hundreds of megabytes, eMBMS can render the sending of the upgrade over the LTE network more practical and bandwidth efficient.
eMBMS may also be used to multicast protected content, for example purchased data such as a commercial movie file. The content is encrypted over the air, and the end user is authenticated to ensure that only authorized users can access the content. The security architecture of eMBMS is based on the LTE modem Subscriber Identity Module (SIM) card. In effect it is the SIM card that is authenticated and used to provide the security system master key which allows access to and the decoding of the protected content.
In known systems, the decryption is carried out by eMBMS middleware running on the client in question, for example a mobile device, using credentials derived from the SIM card of the mobile device. In effect, this creates a one-to-one relationship between the eMBMS middleware and the SIM card. This is in-line with the approach of the 3GPP organization that sets the LTE and eMBMS standards, and which has until recently been focused on phone devices where the modem and applications are co-located in a single device. Further, the eMBMS middleware communicates with the LTE modem and is usually supported through a control API (application programming interface).
Therefore, a need exists for a more flexible approach to providing eMBMS services, with optional authentication of an end user device.