Abstract: A method, performed by a User Equipment device (UE), for obtaining a key for direct communication with a device over an air interface, wherein the UE has previously acquired a transaction identifier received from a Bootstrapping Server Function (BSF), in a Generic Bootstrapping Architecture (GBA), procedure, is provided. The method comprises storing the transaction identifier, sending the transaction identifier to the device and requesting key generation for direct communication with the device. If the transaction identifier is invalid, the method further comprises receiving from the device a device identifier and key generation information, deriving a session shared key from at least the key generation information, and deriving a direct communication key from at least the session shared key and the device identifier.

Abstract: A device receives a privacy template from a network node. The device forms a temporary privacy mask using a time-varying value and the privacy template; and encrypts a code value using the temporary privacy mask. The device transmits the encrypted code value. A receiving device receives an encrypted code value, and forms a temporary privacy mask using a time-varying value and a privacy template that it has also received from a network node. The receiving device is then able to decrypt the code value using the temporary privacy mask. The code may identify an individual or a group, and may be protected using a privacy template that is specific to the individual or to the group.

Abstract: A method performed by a proximity service server is disclosed. The method comprises generating a ProSe query code and a ProSe response code, sending at least a the ProSe response code together with a first and a second discovery key to a first end device, and sending at least the first discovery key and the ProSe query code to a second end device, so that the second end device can securely discover the first end device over an air interface.

Abstract: This relates to wireless communications, and in particular to the generation of keying material for security purposes. In particular, A method of performing authentication for a user terminal. The method comprises performing an Authentication and Key Agreement procedure for authenticating the user terminal in a cellular access network, wherein a core network of the cellular network comprises a Home Subscriber Server; determining in a Bootstrapping Server Function that the user terminal requires keying material for use outside the cellular access network. The method also comprises transferring authentication information directly from the Home Subscriber Server to the Bootstrapping Server Function; and generating session keys in the Bootstrapping Server Function using said authentication information, wherein said session keys are also generated in the user terminal.

Abstract: Methods (100, 200, 300) and apparatus (400, 500, 600, 700, 800, 900) are disclosed for establishing a key for direct communication between a User Equipment device, UE, and a device. The methods and apparatus cooperate to form a system for securing direct communication between a UE and a device over an interface. The system comprises a UE (20), a device (30) and a Direct Communication Element (40). The Direct Communication Element (40) is configured to obtain a shared session key and Generic Bootstrapping Architecture Push Information, GPI, to derive a UE delivery key from at least the shared session key, to generate a direct communication key, to encrypt the direct communication key with the UE delivery key, and to send the direct communication key, the encrypted direct communication key and the GPI to the device (30). The device (30) is configured to send the encrypted direct communication key and the GPI to the UE (20).

Abstract: A method, performed by a User Equipment device (UE), for obtaining a key for direct communication with a device over an air interface, wherein the UE has previously acquired a transaction identifier received from a Bootstrapping Server Function (BSF), in a Generic Boot-strapping Architecture (GBA), procedure, is provided. The method comprises storing the transaction identifier, sending the transaction identifier to the device and requesting key generation for direct communication with the device. If the transaction identifier is invalid, the method further comprises receiving from the device a device identifier and key generation information, deriving a session shared key from at least the key generation information, and deriving a direct communication key from at least the session shared key and the device identifier.

Abstract: A method, performed by a User Equipment device, UE, for obtaining a key for direct communication with a device over an air interface, wherein the UE has previously acquired a transaction identifier received from a Bootstrapping Server Function, BSF, in a Generic Bootstrapping Architecture, GBA, procedure, is provided. The method comprises storing the transaction identifier, sending the transaction identifier to the device and requesting key generation for direct communication with the device. If the transaction identifier is invalid, the method further comprises receiving from the device a device identifier and key generation information, deriving a session shared key from at least the key generation information, and deriving a direct communication key from at least the session shared key and the device identifier.