Disclosed is method and an evolved NodeB (eNB) for use in a Long Term Evolution (LTE) network including establishing an X2 interface between the eNB and another eNB and communicating information between the eNB and the another eNB via the X2 interface.

Enabling the exchange of connection parameters where a user equipment (UE) lacks a secret shared with the network (e.g. a server), such as key materials, and lacks a valid certificate. In some embodiments, the connection parameters may be exchanged via EAP messages. In certain aspects, and particularly with respect to emergency attach, a simplified protocol is used with limited overhead because the UE does not attempt to authenticate the network, and the network does not attempt to authenticate the UE.

Enabling the exchange of connection parameters where a user equipment (UE) lacks a secret shared with the network (e.g. a server), such as key materials, and lacks a valid certificate. In some embodiments, the connection parameters may be exchanged via EAP messages. In certain aspects, and particularly with respect to emergency attach, a simplified protocol is used with limited overhead because the UE does not attempt to authenticate the network, and the network does not attempt to authenticate the UE.

Device to device (D2D) communication can be performed with packet data convergence protocol (PDCP) based encapsulation without internet protocol (IP) addressing. The non-IP D2D PDCP-encapsulated communication can further include two forms of secure data transfer. A first non-IP D2D PDCP-encapsulated communication can be a negotiated non-IP D2D PDCP-encapsulated communication. A second non-IP D2D PDCP-encapsulated communication can be a non-negotiated non-IP D2D communication. The non-negotiated non-IP D2D PDCP-encapsulated communication can include a common key management server (KMS) version and a distributed KMS version. The encapsulated communication can be used with various protocols, including a PC5 protocol (such as the PC5 Signaling Protocol) and wireless access in vehicular environments (WAVE) protocols.

Wireless communication methods are described for a user plane integrity protection failure detection and handling, determination and management of integrity protection enabled data rate that exceeds or is close to exceeding a user equipment's capability or threshold, and management of integrity protection or encryption mechanisms in a dual-connectivity system that includes a master network node and a secondary network node.

The embodiments provide cryptography that is performed in each of two communicating devices and is based on information known only to the devices. The information is determined in each of the devices at the time of communications. Each of the devices determines the information without communicating key information related to the encryption key with each other. Channel characteristic reciprocity between the two devices allows creation of identical keys in each device. Each of the devices sends a first setup signal to the other device, receives a second setup signal from the other device, where the second setup signal may be a looped back version of the first setup signal, samples the second setup generates sampling results, creates a key based on the sampling results, and utilizes the key to exchange one or more secure data signals with the other device.

A non-SI device (120) is arranged for wireless communication (130) and cooperates with an SI device (110) having access to a subscriber identity. The non-SI device has a transceiver (121) to communicate in a local network and a processor (122) to establish an association with the SI. A non-SI public key is provided to the SI device via a first communication channel. A verification code is shared with the SI device via a second communication channel. The channels are different and include an out-of-band channel (140). Proof of possession of a non-SI private key is provided to the SI device via the first or the second communication channel. From the SI device, security data is received that is related to the SI and is computed using the non-SI public key. The security data reliably enables the non-SI device to access the core network via the local network and a gateway between the local network and the core network.

A non-SI device (120) is arranged for wireless communication (130) and cooperates with an SI device (110) having access to a subscriber identity. The non-SI device has a transceiver (121) to communicate in a local network and a processor (122) to establish an association with the SI. A non-SI public key is provided to the SI device via a first communication channel. A verification code is shared with the SI device via a second communication channel. The channels are different and include an out-of-band channel (140). Proof of possession of a non-SI private key is provided to the SI device via the first or the second communication channel. From the SI device, security data is received that is related to the SI and is computed using the non-SI public key. The security data reliably enables the non-SI device to access the core network via the local network and a gateway between the local network and the core network.

A key generation method includes determining, by an access and mobility management function node, key-related information. The method also includes sending, by the access and mobility management function node, a redirection request message to a mobility management entity. The redirection request message includes the key-related information, and the redirection request message is used to request to hand over a voice service from a packet switched (PS) domain to a circuit switched (CS) domain. The method further includes receiving, by the mobility management entity, the redirection request message. The method additionally includes generating, by the mobility management entity, an encryption key and an integrity protection key for the voice service based on the key-related information.

A key generation method includes determining, by an access and mobility management function node, key-related information. The method also includes sending, by the access and mobility management function node, a redirection request message to a mobility management entity. The redirection request message includes the key-related information, and the redirection request message is used to request to hand over a voice service from a packet switched (PS) domain to a circuit switched (CS) domain. The method further includes receiving, by the mobility management entity, the redirection request message. The method additionally includes generating, by the mobility management entity, an encryption key and an integrity protection key for the voice service based on the key-related information.