WO2017209746A1

WO2017209746A1 - User equipment (ue) and methods for reception of downlink data services

Info

Publication number: WO2017209746A1
Application number: PCT/US2016/035247
Authority: WO
Inventors: Ajay Panchal; Birgit Breining
Original assignee: Intel IP Corporation
Priority date: 2016-06-01
Filing date: 2016-06-01
Publication date: 2017-12-07
Also published as: DE112016006932T5

Abstract

Embodiments of a User Equipment (UE) and methods for reception of downlink data services are generally described herein. In some embodiments, the UE may be configured to receive downlink signals from an Evolved Node-B (eNB) of a Third Generation Partnership Project (3GPP) Long Term Evolution (LTE) network. Transmission of uplink signals to the 3GPP LTE network may be restricted, in some cases. The UE may transmit, to an access point (AP) and in accordance with a wireless local area network (WLAN) protocol, a request for a service key for a downlink data service with the eNB. The UE may receive a service key from the AP, and may use the service key to decrypt a traffic key received from the eNB. The traffic key may be used to decrypt data packets received as part of the downlink data service.

Description

USER EQUIPMENT (UE) AND METHODS FOR RECEPTION OF

DOWNLINK DATA SERVICES

TECHNICAL FIELD

[0001] Embodiments pertain to wireless communications. Some embodiments relate to wireless networks including 3GPP (Third Generation Partnership Project) networks, 3 GPP LTE (Long Term Evolution) networks, 3GPP LTE-A (LTE Advanced) networks, and wireless local area networks (WLANs), although the scope of the embodiments is not limited in this respect. Some embodiments relate to enhanced multimedia broadcast multicast services (eMBMS). Some embodiments relate to security and authentication. Some embodiments relate to Internet of Things (IoT) devices.

BACKGROUND [0002] A mobile device may communicate with a mobile network for services such as voice, data or others. As an example, an Internet of Things (IoT) mobile device may receive such services. In some cases, broadcast data services may be provided by the mobile network. Security and authentication procedures may be used for these and other services, in some cases.

Accordingly, there is a general need for methods to provide such security and authentication procedures in these and other scenarios.

BRIEF DESCRIPTION OF THE DRAWINGS

0003] FIG. 1 is a functional diagram of a 3GPP network in accordance with some embodiments; [0004] FIG. 2 illustrates a block diagram of an example machine in accordance with some embodiments;

[0005] FIG. 3 is a block diagram of an Evolved Node-B (eNB) in accordance with some embodiments:

[0006] FIG. 4 is a block diagram of a User Equipment (UE) in accordance with some embodiments;

[0007] FIG. 5 is a block diagram of a broadcast multicast service center

(BM-SC) in accordance with some embodiments;

[0008] FIG. 6 illustrates the operation of a method of communication in accordance with some embodiments;

[0009] FIG. 7 illustrates example architectures in accordance with some embodiments;

[0010] FIG. 8 illustrates an example flow diagram for a method of providing security in accordance with some embodiments;

[0011] FIG. 9 illustrates another example flow diagram for a method of providing security in accordance with some embodiments;

[0012] FIG. 10 illustrates another example flow diagram for a method of providing security in accordance with some embodiments;

[0013] FIG. 11 illustrates another example flow diagram for a method of providing security in accordance with some embodiments;

[0014] FIG. 12 illustrates example connections betw een a UE and a cellular network in accordance with some embodiments;

[0015] FIG. 13 illustrates another example flow diagram for a method of providing security in accordance with some embodiments;

[0016] FIG. 14 illustrates the operation of another method of communication in accordance with some embodiments;

[0017] FIG. 15 illustrates the operation of another method of communication in accordance with some embodiments;

[0018] FIG. 16 illustrates the operation of another method of communication in accordance with some embodiments;

[0019] FIG. 17 illustrates the operation of another method of communication in accordance with some embodiments; [0020] FIG. 18 illustrates an example architecture for Multimedia

Broadcast Multicast Service (MBMS) for Long Term Evolution (LTE) in accordance with some embodiments;

[0021] FIG. 19 illustrates an example MBMS scenario in accordance with some embodiments;

[0022] FIG. 20 illustrates an example MBMS scenario in accordance with some embodiments; and

[0023] FIG. 21 illustrates encryption examples in accordance with some embodiments.

DETAILED DESCRIPTION [0024] The following description and the drawings sufficiently illustrate specific embodiments to enable those skilled in the art to practice them. Other embodiments may incorporate structural, logical, electrical, process, and other changes. Portions and features of some embodiments may be included in, or substituted for, those of other embodiments. Embodiments set forth in the claims encompass all available equivalents of those claims.

[0025] FIG. 1 is a functional diagram of a 3GPP network in accordance with some embodiments. It should be noted that embodiments are not limited to the example 3GPP network shown in FIG. 1 , as other networks may be used in some embodiments. As an example, a Fifth Generation (5G) network may be used in some cases. As another example, a wireless local area network (WLAN) may be used in some cases. Embodiments are not limited to these example networks, however, as other networks may be used in some embodiments. In addition, in some embodiments, one or more networks, including these example networks and/or other networks, may be used in combination. As an example, the UE 102 may be configured to communicate with a 3GPP network and with a WLAN in some cases. Such networks may or may not include some or all of the components shown in FIG. 1, and may include additional components and/or alternative components in some cases.

[0026] It should he noted that in some embodiments, techniques and/or operations described herein may be performed in accordance with a network such as the example network 1800 shown in FIG. 18 (which will be described below). In some embodiments, techniques and/or operations described herein may be performed in accordance with a network that may include one or more components shown in FIG. 18. In some embodiments, techniques and/or operations described herein may be performed in accordance with a network that may include one or more components shown in FIG. 1 and one or more components of the example network shown in FIG. 18. In some embodiments, the network may also include additional components not shown in FIG. 1 or FIG. 18.

[0027] The network may comprise a radio access network (RAN) (e.g., as depicted, the E-UTRAN or evolved universal terrestrial radio access network) 100 and the core network 120 (e.g., shown as an evolved packet core (EPC)) coupled together through an SI interface 115. For convenience and brevity sake, only a portion of the core network 120, as well as the RAN 100, is shown.

[0028] The core network 120 includes a mobility management entity (MME) 122, a serving gateway (serving GW) 124, and packet data network gateway (PDN GW) 126. The RAN 100 includes Evolved Node-B's (eNBs) 104 (which may operate as base stations) for communicating with User Equipment (UE) 102. The eNBs 104 may include macro eNBs and low power (LP) eNBs.

[0029] In some embodiments, the UE 102 may receive one or more data packets from the e^'NB 104. As an example, the data packets may be received in accordance with an enhanced Multimedia B oadcast Multicast Sendee

(eMBMS) data service. The UE 102 may also receive a traffic key from the eNB 104 for usage as part of a security procedure for the eMBMS data service, m some embodiments. These embodiments will be described in more detail below.

[0030] The MME 122 is similar in function to the control plane of legacy

Serving GPRS Support Nodes (SGSN). The MME 122 manages mobility aspects in access such as gateway selection and tracking area list management, it should be noted that in some embodiments, a multi-cell coordination entity (MCE) may be included in a network and may perform one or more operations and/or control operations related to eMBMS services. For instance, the MCE may be part of a control plane for an eMBMS arrangement, in some embodiments.

[0031J The serving GW 124 terminates the interface toward the RAN

100, and routes data packets between the RAN 100 and the core network 120. In addition, it may be a local mobility anchor point for inter-eNB handovers and also may provide an anchor for inter-3GPP mobility. Other responsibilities may include lawful intercept, charging, and some policy enforcement. The serving GW 124 and the MME 122 may be implemented in one physical node or separate physical nodes. The PDN GW 126 terminates an SGi interface toward the packet data network (PDN). The PDN GW 126 routes data packets between the EPC 120 and the external PDN, and may be a key node for policy enforcement and charging data collection. It may also provide an anchor point for mobility with non-LTE accesses. The external PDN can be any kind of IP network, as well as an IP Multimedia Subsystem (IMS) domain. The PDN GW 126 and the serving GW 124 may be implemented in one physical node or separated physical nodes.

[0032 J The eNBs 104 (macro and micro) terminate the air interface protocol and may be the first point of contact for a UE 102. In some embodiments, an eNB 104 may fulfill various logical functions for the RAN 1 0 including but not limited to RNC (radio network controller functions) such as radio bearer management, uplink and downlink dynamic radio resource management and data packet scheduling, and mobility management. In accordance with embodiments, UEs 1 2 may be configured to communicate Orthogonal Frequency Division Multiplexing (OFDM) communication signals with an eNB 104 over a multicarrier communication channel in accordance with an Orthogonal Frequency Division Multiple Access (OFDMA) communication technique. The OFDM signals may comprise a plurality of orthogonal subcarriers. [0033] The S I interface 115 is the interface that separates the RAN 100 and the EPC 120, It is split into two parts: the Sl-U, which carries traffic data between the eNBs 104 and the serving GW 124, and the Sl-MME, which is a signaling interface between the eNBs 104 and the MME 122. The X2 interface is the interface between eNBs 104. The X2 interface comprises two parts, the X2-C and X2-U. The X2-C is the control plane interface between the eNBs 104, while the X2-U is the user plane interface between the eNBs 104.

[0034] With cellular networks, LP cells are typically used to extend coverage to indoor areas where outdoor signals do not reach well, or to add network capacity in areas with very dense phone usage, such as train stations. As used herein, the term low power (LP) eNB refers to any suitable relatively low power eNB for implementing a narrower cell (narrower than a macro cell) such as a femtocell, a picocell, or a micro cell. Femtocell eNBs are typically provided by a mobile network operator to its residential or enterprise customers. A femtoceil is typically the size of a residential gateway or smaller and generally connects to the user's broadband line. Once plugged in, the femtocell connects to the mobile operator's mobile network and provides extra coverage in a range of typically 30 to 50 meters for residential fenitoceils. Thus, a LP eNB might be a femtocell eNB since it is coupled through the PDN GW 126. Similarly, a picocell is a wireless communication system typically covering a small area, such as in-building (offices, shopping malls, train stations, etc.), or more recently in~aircraft. A picocell eNB can generally connect through the X2 link to another eNB such as a macro eNB through its base station controller (BSC)

functionality. Thus, LP eNB may be implemented with a picocell eNB since it is coupled to a macro eNB via an X2 interface. Picocell eNBs or other LP eNBs may incorporate some or all functionality of a macro eNB. In some cases, this may be referred to as an access point base station or enterprise femtocell.

[0035] In some embodiments, a downlink resource grid may be used for downlink transmissions from an eNB 104 to a UE 102, while uplink

transmission from the UE 102 to the eNB 104 may utilize similar techniques. The grid may be a time-frequency grid, called a resource grid or time-frequency resource grid, which is the physical resource in the downlink in each slot. Such a time-frequency plane representation is a common practice for OFDM systems, winch makes it intuitive for radio resource allocation. Each column and each row of the resource grid correspond to one OFDM symbol and one OFDM subcarrier, respectively. The duration of the resource grid in the time domain corresponds to one slot in a radio frame. The smallest time-frequency unit in a resource grid is denoted as a resource element (RE). Each resource grid comprises a number of resource blocks (RBs), which describe the mapping of certain physical channels to resource elements. Each resource block comprises a collection of resource elements in the frequency domain and may represent the smallest quanta of resources that currently can be allocated. There are several different physical downlink channels that are conveyed using such resource blocks. With particular relevance to this disclosure, two of these physical downlink channels are the physical downlink shared channel and the physical down link control channel.

[0036] The physical downlink shared channel (PDSCH) carries user data and higher-layer signaling to a UE 102 (FIG. 1 ). The physical downlink control channel (PDCCH) carries information about the transport format and resource allocations related to the PDSCH channel, among oilier tilings. It also informs the UE 102 about the transport format, resource allocation, and hybrid automatic repeat request (HARQ) information related to the uplink shared channel.

Typically, downlink scheduling (e.g., assigning control and shared channel resource blocks to UEs 102 within a cell) may be performed at the eNB 104 based on channel quality information fed back from the UEs 102 to the eNB 104, and then the downlink resource assignment information may be sent to a UE 102 on the control channel (PDCCH) used for (assigned to) the UE 102.

[0037] The PDCCH uses CCEs (control channel elements) to convey the control information. Before being mapped to resource elements, the PDCCH complex-valued symbols are first organized into quadruplets, which are then permuted using a sub-block inter-leaver for rate matching. Each PDCCH is transmitted using one or more of these control channel elements (CCEs), where each CCE corresponds to nine sets of four physical resource elements known as resource element groups (REGs). Four QPSK symbols are mapped to each REG. The PDCCH can be transmitted using one or more CCEs, depending on the size of DCI and the channel condition. There may be four or more different PDCCH formats defined in LTE with different numbers of CCEs (e.g., aggregation level, \ 1. 2. 4, or 8).

[0038] It should be noted that in some embodiments, other channels may be used, in addition to or instead of, those described above. In some embodiments, a physical multicast channel (PMCH) and/or other data channel may be used to perform one or more operations, including but not limited to those described above regarding the PDSCH. In some embodiments, an MBMS control channel (MCCFI) and/or other control channel may be used to perform one or more operations, including but not limited to those described above regarding the PDCCH.

0039J As used herein, the term "circuitry" may refer to, be part of, or include an Application Specific Integrated Circuit (ASIC), an electronic circuit, a processor (shared, dedicated, or group), and/or memory (shared, dedicated, or group) that execute one or more software or firmware programs, a combinational logic circuit, and/or other suitable hardware components that provide the described functionality. In some embodiments, the circuitry may be implemented in, or functions associated with the circuitry may be implemented by, one or more software or firmware modules. In some embodiments, circuitry may include logic, at least partially operable in hardware. Embodiments described herein may be implemented into a system using any suitably configured hardware and/or software.

004Θ] FIG. 2 illustrates a block diagram of an example machine in accordance with some embodiments. The machine 200 is an example machine upon which any one or more of the techniques and/or methodologies discussed herein may be performed. In alternative embodiments, the machine 200 may operate as a standalone device or may be connected (e.g., networked) to other machines. In a networked deployment, the machine 200 may operate in the capacity of a server machine, a client machine, or both in server-client network environments. In an example, the machine 200 may act as a peer machine in peer-to-peer (P2P) (or other distributed) network environment. The machine 200 may be a UE 102, eNB 104, access point (AP), station (STA), broadcast multicast service center (BM-SC) device, mobile device, base station, personal computer (PC), a tablet PC, a set-top box (STB), a personal digital assistant (PDA), a mobile telephone, a smart phone, a web appliance, a network router, switch or bridge, or any machine capable of executing instructions (sequential or otherwise) that specify actions to be taken by that machine. Further, while only a single machine is illustrated, the term "machine" shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein, such as cloud computing, software as a service (SaaS), other computer cluster configurations.

Θ041] Examples as described herein, may include, or may operate on, logic or a number of components, modules, or mechanisms. Modules are tangible entities (e.g., hardware) capable of performing specified operations and may be configured or arranged in a certain manner. In an example, circuits may be arranged (e.g., internally or with respect to external entities such as other circuits) in a specified manner as a module. In an example, the whole or part of one or more computer systems (e.g., a standalone, client or server computer system) or one or more hardware processors may be configured by firmware or software (e.g., instructions, an application portion, or an application) as a module that operates to perform specified operations. In an example, the software may reside on a machine readable medium. In an example, the software, when executed by the underlying hardware of the module, causes the hardware to perform the specified operations.

[0042] Accordingly, the term "module^"' is understood to encompass a tangible entity, be that an entity that is physically constructed, specifically configured (e.g., hardwired), or temporarily (e.g., transitorily) configured (e.g., programmed) to operate in a specified manner or to perform part or all of any operation described herein. Considering examples in which modules are temporarily configured, each of the modules need not be instantiated at any one moment in time. For example, where the modules comprise a general-purpose hardware processor configured using software, the general-purpose hardware processor may be configured as respective different modules at different times. Software may accordingly configure a hardware processor, for example, to constitute a particular module at one instance of time and to constitute a different module at a different instance of time.

[0043] The machine (e.g., computer system) 2.00 may include a hardware processor 202 (e.g., a central processing unit (CPU), a graphics processing unit (GPU), a hardware processor core, or any combination tliereof), a main memory 204 and a static memory 206, some or all of which may communicate with each other via an interlink (e.g., bus) 208. The machine 200 may further include a display unit 210, an alphanumeric input device 212 (e.g., a keyboard), and a user interface (UI) navigation device 214 (e.g., a mouse). In an example, the display unit 210, input device 212 and UI navigation device 214 may be a touch screen display. The machine 200 may additionally include a storage device (e.g., drive unit) 216, a signal generation device 218 (e.g., a speaker), a network interface device 220, and one or more sensors 221, such as a global positioning system (GPS) sensor, compass, accelerometer, or other sensor. The machine 200 may include an output controller 228, such as a serial (e.g., universal serial bus (USB), parallel, or other wired or wireless (e.g., infrared (IR), near field communication (NFC), etc.) connection to communicate or control one or more peripheral devices (e.g., a printer, card reader, etc.).

[0044 J The storage device 216 may include a machine readable medium

222 on which is stored one or more sets of data structures or instructions 224 (e.g., software) embodying or utilized by any one or more of the techniques or functions described herein. The instructions 224 may also reside, completely or at least partially, within the main memory 204, within static memory 206, or within the hardware processor 202 during execution thereof by the machine 200. In an example, one or any combination of the hardware processor 202, the main memory 204, the static memory 206, or the storage device 216 may constitute machine readable media. In some embodiments, the machine readable medium may be or may include a n on -transitory computer-readable storage medium. In some embodiments, the machine readable medium may be or may include a computer-readable storage medium. [0045] While the machine readable medium 222 is illustrated as a single medium, the term "machine readable medium" may include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) configured to store the one or more instructions 224. The term, "machine readable medium" may include any medium that is capable of storing, encoding, or carrying instructions for execution by the machine 200 and that cause the machine 200 to perform any one or more of the techniques of the present disclosure, or that is capable of storing, encoding or carrying data structures used by or associated with such instructions. Non-limiting machine readable medium examples may include solid-state memories, and optical and magnetic media. Specific examples of machine readable media may include: non-volatile memory, such as semiconductor memory devices (e.g.. Electrically Programmable Read-Only Memory (EPROM), Electrically Erasable

Programmable Read-Only Memory (EEPROM)) and flash memory devices; magnetic disks, such as internal hard disks and removable disks; magneto-optical disks; Random Access Memory- (RAM); and CD-ROM and DVD-ROM disks. In some examples, machine readable media may include non-transitory machine readable media. In some examples, machine readable media may include machine readable media that is not a transitory propagating signal. Θ046] The instructions 224 may further be transmitted or received over a communications network 226 using a transmission medium via the network interface device 220 utilizing any one of a number of transfer protocols (e.g., frame relay, internet protocol (IP), transmission control protocol (TCP), user datagram protocol (UDP), hypertext transfer protocol (HTTP), etc.). Example communication networks may include a local area network (LAN), a wide area network (WAN), a packet data network (e.g., the Internet), mobile telephone networks (e.g., cellular networks), Plain Old Telephone (POTS) networks, and wireless data networks (e.g., Institute of Electrical and Electronics Engineers (IEEE) 802.11 family of standards known as Wi-Fi®, IEEE 802.16 family of standards known as WiMax®), IEEE 802.15.4 family of standards, a Long Term Evolution (LTE) family of standards, a Universal Mobile Telecommunications System (UMTS) family of standards, peer-to-peer (P2P) networks, among others. In an example, the network interface device 220 may include one or more physical jacks (e.g., Ethernet, coaxial, or phone jacks) or one or more antennas to connect to the communications network 226. In an example, the network interface device 220 may include a plurality of antennas to wirelessly communicate using at least one of single-input multiple-output (SIMO), multiple-input multiple-output (MIMO), or multiple-input single-output (MISO) techniques. In some examples, the network interface device 220 may wirelessly communicate using Multiple User ΜΙΜΌ techniques. The term 'transmission medium" shall he taken to include any intangible medium that is capable of storing, encoding or carrying instructions for execution by the machine 200, and includes digital or analog communications signals or other intangible medium to facilitate communication of such software.

[0047] FIG. 3 is a block diagram of an Evolved Node-B (eNB) in accordance with some embodiments. It should be noted that in some embodiments, the eNB 300 may be a stationary non-mobile device. The eNB 300 may be suitable for use as an eNB 104 as depicted in FIG. 1 . The eNB 300 may include physical layer circuitry 302 and a transceiver 305, one or both of which may enable transmission and reception of signals to and from the UE 200, other eNBs, other UEs or other devices using one or more antennas 30 . As an example, the physical layer circuitry 302 may perform various encoding and decoding functions that may include formation of baseband signals for transmission and decoding of received signals. As another example, the transceiver 305 may perform various transmission and reception functions such as conversion of signals between a baseband range and a Radio Frequency (RF) range. Accordingly, the physical layer circuitry 302 and the transceiver 305 may be separate components or may be part of a combined component. In addition, some of the described functionality related to transmission and reception of signals may be performed by a combination that may include one, any or all of the physical layer circuitry 302, the transceiver 305, and other components or layers. Tire eNB 300 may also include medium access control layer (MAC) circuitry 304 for controlling access to the wireless medium. The eNB 300 may also include processing circuitry 306 and memory 308 arranged to perform the operations described herein. The eNB 300 may also include one or more interfaces 310, which may enable communication with other components, including other eNBs 104 (FIG. 1), components in the EPC 120 (FIG. 1 ) or other network components. In addition, the interfaces 310 may enable communication with other components that may not be shown in FIG. 1, including components external to the network. The interfaces 310 may be wired or wireless or a combination thereof. It should be noted that in some embodiments, an eNB or other base station m ay include some or all of the components shown in either FIG. 2 or FIG, 3 or both.

[0048] FIG. 4 is a block diagram of a User Equipment (UE) in accordance with some embodiments. The UE 400 may be suitable for use as a UE 102 as depicted in FIG. 1, in some embodiments. It should be noted that in some embodiments, a UE or other mobile device may include some or all of the components shown in either FIG. 2 or FIG. 4 or both. It should also be noted that references to a UE as part of the description of FIG. 4 are not limiting, as techniques and/or components described regarding FIG. 4 may be applicable to oilier devices (such as STAs and/or other mobile devices) in some embodiments. It should be noted that in some embodiments, the UE 102 or other device may not necessarily include all of the components shown in FIG. 4.

Θ049] In some embodiments, the UE 102 may be configured to operate m accordance with an Internet of Things (IoT) protocol. In some embodiments, the UE 102 may be or may be configured to operate as an IoT device.

Accordingly, operations and/or techniques described herein for a UE 400 may be applicable to an IoT device, in some embodiments. In addition, an IoT device may include one or more components shown in FIG. 2 or FIG. 4 or both. In some cases, the IoT device may include fewer components and/or components than what is shown in FIG. 4, although the scope of embodiments is not limited in this respect.

[0050J In some embodiments, the UE 400 may include application circuitiy 402, baseband circuitry 404, Radio Frequency (RF) circuitry 406, front- end module (FEM) circuitry 408 and one or more antennas 410, coupled togetiier at least as shown. In some embodiments, other circuitrv' or arrangements may include one or more elements and/or components of the application circuitry 402, the baseband circuitry- 404, the RF circuitry 406 and/or the FEM circuitry 408, and may also include other elements and/or components in some cases. As an example, "processing circuitry" may include one or more elements and/or components, some or ail of which may be included in the application circuitry 402 and/or the baseband circuitry 404. As another example, "transceiver circuitry" may include one or more elements and/or components, some or all of which may be included in the RF circuitry 406 and/or the FEM circuits"}⁷ 408. These examples are not limiting, however, as the processing circuitry and/or the transceiver circuitry may also include other elements and/or components in some cases.

Θ051] In some embodiments, the UE 400 may be configured to communicate with multiple networks. In some embodiments, the UE 400 may include transcei ver circuitry and/or processing circuitry configured to support the communication with the multiple networks. For instance, the transceiver circuitry and/or processing circuitry may be multi-mode. In some embodiments, the UE 400 may include separate transceiver circuitry and/or processing circuitry to communicate with each of the multiple networks. For instance, the UE 400 may include dedicated transceiver circuity for communication with each network. The UE 400 may include dedicated processing circuitry for communication with each network, in some cases, although the scope of embodiments is not limited in this respect. In some embodiments, such communication with multiple networks may be performed during an overlapping time period. For instance, simultaneous communication or nearly simultaneous communication with the multiple networks may be possible, in some cases. The communication with the multiple networks may use different protocols, in some cases. As an example, the UE 400 may communicate with an LTE network and with a WLAN network.

[0052 J The application circuitry 402 may include one or more application processors. For example, the application circuitry 402 may include circuitry such as, but not limited to, one or more single-core or multi-core processors. The processor(s) may include any combination of general -purpose processors and dedicated processors (e.g., graphics processors,

application processors, etc.). The processors may be coupled with and/or may include memory/storage and may be configured to execute instructions stored in the memory/storage to enable various applications and/or operating systems to run on the system.

0053| The baseband circuitry 404 may include circuitry such as, but not limited to, one or more single-core or multi-core processors. The baseband circuitry 404 may include one or more baseband processors and/or control logic to process baseband signals received from a receive signal path of the RF circuitry 406 and to generate baseband signals for a transmit signal path of the RF circuitry 406. Baseband processing circuitry 404 may interface with the application circuitry 402 for generation and processing of the baseband signals and for controlling operations of the RF circuitry 406. For example, in some embodiments, the baseband circuitry 404 may include a second generation (2G) baseband processor 404a, third generation (3G) baseband processor 404b, fourth generation (4G) baseband processor 404c, and/or other baseband processor(s) 404d for other existing generations, generations in development or to be developed in the future (e.g., fifth generation (5G), 6G, etc.). The baseband circuitry 404 (e.g., one or more of baseband processors 404a-d) may handle various radio control functions that enable communication with one or more radio networks via the RF circuitry 406. The radio control functions may include, but are not limited to, signal modulation/demodulation,

encoding/decoding, radio frequency shifting, etc. In some embodiments, modulation/demodulation circuitry of the baseband circuitry 404 may include Fast-Fourier Transform (FFT), precoding, and/or constellation

mapping/demapping functionality. In some embodiments, encoding/decoding circuitry of the baseband circuitry 404 may include convolution, tail-biting convolution, turbo, Viterbi, and/or Low Density Parity Check (LDPC) encoder/decoder functionality. Embodiments of modulation/demodulation and encoder/decoder functionality are not limited to these examples and may include oilier suitable functionality in other embodiments. [0054] In some embodiments, the baseband circuits"}' 404 may include elements of a protocol stack such as, for example, elements of an evolved universal terrestrial radio access network (EUTRAN) protocol including, for example, physical (PHY), media access control (MAC), radio link control (RLC), packet data convergence protocol (PDCP), and/or radio resource control (RRC) elements. A central processing unit (CPU) 404e of the baseband circuitry 404 may be configured to run elements of the protocol stack for signaling of the PHY, MAC, RLC, PDCP and/or RRC layers. In some embodiments, the baseband circuitiy may include one or more audio digital signal processor(s) (DSP) 404f. The audio DSP(s) 404f may be include elements for

compression/decompression and echo cancellation and may include other suitable processing elements in other embodiments. Components of the baseband circuitry may be suitably combined in a single chip, a single chipset, or disposed on a same circuit board in some embodiments. In some embodiments, some or all of the constituent components of the baseband circuitry 404 and the application circuitry 402 may be implemented together such as, for example, on a system on a chip (SOC).

[0055] In some embodiments, the baseband circuitry 404 may pro vide for communication compatible with one or more radio technologies. For example, in some embodiments, the baseband circuitiy 404 may support communication with an evolved universal terrestrial radio access network (EUTRAN) and/or other wireless metropolitan area networks (WMAN), a wireless local area network (WLAN), a wireless personal area network (WPAN). Embodiments in which the baseband circuitry 404 is configured to support radio communications of more than one wireless protocol may be referred to as multi-mode baseband circuitiy.

[0056] RF circuitiy 406 may enable communication with wireless networks using modulated electromagnetic radiation through a non-solid medium. In various embodiments, the RF circuitry 406 may include switches, filters, amplifiers, etc. to facilitate the communication with the wireless network. RF circuitry 406 may include a receive signal path which may include circuitry to down-convert RF signals received from the FEM circuitry 408 and provide baseband signals to the baseband circuitry 404. RF circuitiy 406 may also include a transmit signal path which may include circuitry to up-convert baseband signals provided by the baseband circuitiy 404 and provide RF output signals to the FEM circuitry 408 for transmission.

[0057] In some embodiments, the RF circuitry 406 may include a receive signal path and a transmit signal path. The receive signal path of the RF circuitry 406 may include mixer circuitry 406a, amplifier circuitry 406b and filter circuitry 406c. The transmit signal path of the RF circuitry 406 may include filter circuitry 406c and mixer circuitry 406a. RF circuitry- 406 may also include synthesizer circuitry 4()6d for synthesizing a frequency for use by the mixer circuitiy 406a of the receive signal path and the transmit signal path. In some embodiments, the mixer circuitry 406a of the receive signal path may be configured to down-convert RF signals received from the FEM circuitry 408 based on the synthesized frequency provided by synthesizer circuitiy 406d. The amplifier circuitry 406b may be configured to amplify the down-converted signals and the filter circuitry 406c may be a low-pass filter (LPF) or band-pass filter (BPF) configured to remove unwanted signals from the down-converted signals to generate output baseband signals. Output baseband signals may be provided to the baseband circuitiy 404 for further processing. In some embodiments, the output baseband signals may be zero-frequency baseband signals, although this is not a requirement. In some embodiments, mixer circuitiy 406a of the receive signal path may compri se passive mixers, although the scope of the embodiments is not limited in this respect. In some embodiments, the mixer circuitiy 406a of the transmit signal path may be configured to up-convert input baseband signals based on the synthesized frequency provided by the synthesizer circuitry 406d to generate RF output signals for the FEM circuitry 408. The baseband signals may be provided by the baseband circuitry 404 and may be filtered by filter circuitry 406c. The filter circuitiy 406c may include a low-pass filter (LPF), although the scope of the embodiments is not limited in this respect.

[0058] In some embodiments, the mixer circuitiy 406a of the receive signal path and the mixer circuitry 406a of the transmit signal path may include two or more mixers and may be arranged for quadrature downconversion and/or upconversion respectively. In some embodiments, the mixer circuitrv' 406a of the receive signal path and the mixer circuitry 406a of the transmit signal path may include two or more mixers and may be arranged for image rejection (e.g., Hartley image rejection). In some embodiments, the mixer circuitry 406a of the receive signal path and the mixer circuitry 406a may be arranged for direct downconversion and/or direct upconversion, respectively. In some embodiments, the m ixer circuitry 406a of the receive signal path and the mixer circuitry 406a of the transmit signal path may be configured for super-heterodyne operation.

[0059] In some embodiments, the output baseband signals and the input baseband signals may be analog baseband signals, although the scope of the embodiments is not limited in this respect. In some alternate embodiments, the output baseband signals and the input baseband signals may be digital baseband signals. In these alternate embodiments, the RF circuitry 406 may include analog -to-digital converter (ADC) and digital-to-analog converter (DAC) circuitry' and the baseband circuitry- 404 may include a digital baseband interface to communicate with the RF circuitry 406. In some dual-mode embodiments, a separate radio IC circuitrv' may be provided for processing signals for each spectram, although the scope of the embodiments is not limited in this respect. Θ060] In some embodiments, the synthesizer circuitry 406d may be a fractional -N synthesizer or a fractional N/N+ 1 synthesizer, although the scope of the embodiments is not limited in this respect as other types of frequency synthesizers may be suitable. For example, synthesizer circuitry 406d may be a delta-sigma synthesizer, a frequency multiplier, or a synthesizer comprising a phase-locked loop with a frequency divider. The synthesizer circuitry 406d may be configured to synthesize an output frequency for use by the mixer circuitry 406a of the RF circuitry 406 based on a frequency input and a divider control input. In some embodiments, the synthesizer circuitrv' 406d may be a fractional N/N+ 1 synthesizer. In some embodiments, frequency input may be provided by a voltage controlled oscillator (VCO), although that is not a requirement. Divider control input may be provided by either the baseband circuitry 404 or the applications processor 402 depending on the desired output frequency. In some embodiments, a divider control input (e.g., N) may be determined from, a lookup table based on a channel indicated by the applications processor 402.

[0061] Synthesizer circuitry 406d of the RF circuitry 406 may include a divider, a delay-locked loop (DLL), a multiplexer and a phase accumulator. In some embodiments, the divider may be a dual modulus divider (DMD) and the phase accumulator may be a digital phase accumulator (DP A). In some embodiments, the DMD may be configured to divide the input signal by either N or N+1 (e.g., based on a cany out) to provide a fractional division ratio. In some example embodiments, the DLL may include a set of cascaded, tunable, delay elements, a phase detector, a charge purnp and a D-type flip-flop. In these embodiments, the delay elements may be configured to break a VCO period up into Nd equal packets of phase, where Nd is the number of delay elements in the delay line. In this way, the DLL provides negative feedback to help ensure that the total delay through the delay line is one VCO cycle.

[0062] In some embodiments, synthesizer circuitry 406d may be configured to generate a carrier frequency as the output frequency, while in other embodiments, the output frequency may be a multiple of the carrier frequency (e.g., twice the carrier frequency, four times the carrier frequency) and used in conjunction with quadrature generator and divider circuitry to generate multiple signals at the carrier frequency with multiple different phases with respect to each other. In some embodiments, the output frequency may be a LO frequency (flo). In some embodiments, the RF circuitry 406 may include an IQ/polar converter.

[0063] FEM circuitry 408 may include a receive signal path which may include circuitry configured to operate on RF signals received from one or more antennas 410, amplify the received signals and provide the amplified versions of the received signals to the RF circuitry 406 for further processing. FEM circuitry 408 may also include a transmit signal path which may include circuitry configured to amplify signals for transmission provided by the RF circuitry 406 for transmission by one or more of the one or more antennas 410.

[0064] In some embodiments, the FEM circuitry 408 may include a

TX/RX switch to switch between transmit mode and receive mode operation. The FEM circuitry may include a receive signal path and a transmit signal path. The receive signal path of the FEM circuitry may include a low-noise amplifier (LNA) to amplify received RF signals and provide the amplified received RF signals as an output (e.g., to the RF circuitry 406). The transmit signal path of the FEM circuitry 408 may include a power amplifier (PA) to amplify input RF signals (e.g., provided by RF circuitry 406), and one or more filters to generate RF signals for subsequent transmission (e.g., by one or more of the one or more antennas 410. In some embodiments, the UE 400 may include additional elements such as, for example, memory/storage, display, camera, sensor, and/or input/output (I/O) interface.

[0065] The antennas 230, 301, 410 may comprise one or more directional or omnidirectional antennas, including, for example, dipole antennas, monopole antennas, patch antennas, loop antennas, microstrip antennas or other types of antennas suitable for transmission of RF signals. In some multiple-input multiple-output (MIMO) embodiments, the antennas 230, 301 , 410 may be effectively separated to take advantage of spatial diversity and the different channel characteristics that may result.

[0066] In some embodiments, the UE 400 and/or the e^'NB 300 may be a mobile device and may be a portable wireless communication device, such as a personal digital assistant (PDA), a laptop or portable computer with wireless communication capability, a web tablet, a wireless telephone, a smartphone, a wireless headset, a pager, an instant messaging device, a digital camera, an access point, a television, a wearable device such as a medical device (e.g., a heart rate monitor, a blood pressure monitor, etc.), or other device that may receive and/or transmit information wirelessly. In some embodiments, the UE 400 or eNB 300 may be configured to operate in accordance with 3 GPP standards, although the scope of the embodiments is not limited in this respect. Mobile devices or other devices in some embodiments may be configured to operate according to other protocols or standards, including IEEE 802.11 or other IEEE standards. In some embodiments, the UE 400, eNB 300 or other device may include one or more of a keyboard, a display, a non-volatile memory port, multiple antennas, a graphics processor, an application processor, speakers, and other mobile device elements. The display may be an LCD screen including a touch screen,

[0067] FIG. 5 is a block diagram of a broadcast multicast service center

(BM-SC) in accordance with some embodiments. The BM-SC 500 may be suitable for use as a BM-SC 1850 as depicted in FIG. 18 (to be described below), in some embodiments. It should be noted that in some embodiments, the BM-SC 500 may be a stationary non-mobile device. The BM-SC 500 may- include processing circuitry 506 and memory 508 arranged to perform the operations described herein. The BM-SC 500 may also include one or more interfaces 510 (which may include interface circuitry in some embodiments), which may enable communication with other components, including eNBs 104 (FIG. 1 ), components in the EPC 120 (FIG. 1 ) or other network components. In addition, the interfaces 510 may enable communication with other components that may not be shown in FIG. 1, including components external to the network. The interfaces 510 may be wired or wireless or a combination thereof. It should be noted that in some embodiments, a BM-SC may include some or all of the components shown in either FIG. 2 or FIG. 5 or both.

[0068] Although the BM-SC 500, UE 400 and e\ B 300 are each illustrated as having several separate functional elements, one or more of the functional elements may be combined and may be implemented by combinations of software -configured elements, such as processing elements including digital signal processors (DSPs), and/or other hardware elements. For example, some elements may comprise one or more microprocessors, DSPs, field- programmable gate arrays (FPGAs), application specific integrated circuits (ASICs), radio-frequency integrated circuits (RFICs) and combinations of various hardware and logic circuitry for performing at least the functions described herein. In some embodiments, the functional elements may refer to one or more processes operating on one or more processing elements.

[0069J Embodiments may be implemented in one or a combination of hardware, firmware and software. Embodiments may also be implemented as instructions stored on a computer-readable storage device, which may be read and executed by at least one processor to perform the operations described herein. A computer-readable storage device may include any non-transitory mechanism for storing information in a form readable by a machine (e.g., a computer). For example, a computer-readable storage device may include readonly memory (ROM), random-access memory (RAM), magnetic disk storage media, optical storage media, flash-memory devices, and other storage devices and media. Some embodiments may include one or more processors and may be configured with instructions stored on a computer-readable storage device.

[0070] It should be noted that in some embodiments, an apparatus used by the eNB 300 may include one or components of the eNB 300 and/or machine 200 as shown in FIGs. 2 and 3. Accordingly, techniques and operations described herein that refer to the eNB 300 (or 104) may be applicable to an apparatus for an eNB. In some embodiments, an apparatus used by the UE 400 may include one or more components of the UE 400 and/or machine 200 as shown in FIGs. 2 and 4. Accordingly, techniques and operations described herein that refer to the UE 400 (or 102) may be applicable to an apparatus for a UE, In some embodiments, an apparatus used by the BM-SC 500 may include one or more components of the BM-SC 500 and/or machine 200 as shown in FIGs. 2 and 5. Accordingly, techniques and operations described herein that refer to the BM-SC 500 may be applicable to an apparatus for a BM-SC.

[0071] In accordance with some embodiments, the UE 102 may be configured to receive downlink signals from an eNB 104 of a 3GPP LTE network . Transmission of uplink signals to the 3GPP LTE network may be restricted, in some cases. The UE 102 may transmit, to an access point (AP) and in accordance with a wireless local area network (WLAN) protocol, a request for a service key for a downlink data service with the eNB 104. The UE 102 may receive a service key from the AP, and may use the service key to decrypt a traffic key received from the eNB 104. The traffic key may be used to decrypt data packets received as part of the downlink data service. These embodiments are described in more detail below.

[0072] FIG. 6 illustrates the operation of a method of communication in accordance with some embodiments. It is important to note that embodiments of the method 600 may include additional or even fewer operations or processes in

I/.. comparison to what is illustrated in FIG. 6. In addition, embodiments of the method 600 are not necessarily limited to the chronological order that is shown in FIG. 6. In describing the method 600, reference may be made to FIGs. 1-5 and 7-17, although it is understood that the method 600 may be practiced with any other suitable systems, interfaces and components.

[0073] In addition, while the method 600 and other methods described herein may refer to eNBs 104 or UEs 102 operating in accordance with 3GPP standards, 5G standards, WLAN standards and/or other standards, embodiments of those methods are not limited to just those eNBs 104 or UEs 102 and may also be practiced on other devices, such as a Wi-Fi access point (AP) or user station (STA). In addition, the method 600 and other methods described herein may be practiced by wireless devices configured to operate in other suitable types of wireless communication systems, including systems configured to operate according to various IEEE standards such as IEEE 802.11. The method 600 and other methods described herein may also refer to an apparatus for a UE 1 2 and/or eNB 104 and/or BM-SC and/or other device described above.

[0074] It should be noted that the method 600 and other methods described herein may be practiced by a wireless device that may be arranged to operate in accordance with one or more standards, such as 3 GPP LTE standards, WLAN standards and/or other standards, in some embodiments. Accordingly, although reference may be made to a UE 102 in the description of the method 600, it is understood that any suitable wireless device, such as a STA 102 and/or other device, may be used in some embodiments. As an example, a UE 102 may be configured to receive packets from a 3GPP network and to receive packets from a WLAN, in some embodiments. As another example, an IoT device and/or UE 102 may be configured to receive packets from a 3GPP network and to transmit and receive packets from a WL AN, in some embodiments. As another example, a UE 102 may be configured to operate as an IoT device and/or may be configured to operate in accordance with an IoT protocol.

[0075] It should also be noted that embodiments are not limited by references herein to transmission, reception and/or exchanging of elements such as frames, messages, requests, indicators, signals or other elements. In some embodiments, such an element may be generated, encoded or otherwise processed by processing circuitry (such as by a baseband processor included in the processing circuitry) for transmission. The transmission may be performed by a transceiver or other component, in some cases. In some embodiments, such an element may be decoded, detected or otherwise processed by the processing circuitry (such as by the baseband processor). Hie element may be received by a transceiver or other component, in some cases. In some embodiments, the processing circuitn' and the transceiver may be included in a same apparatus. The scope of embodiments is not limited in this respect, however, as the transceiver may be separate from the apparatus that comprises the processing circuitry, in some embodiments.

Θ076] In some embodiments, the method 600 and/or other methods described herein may be practiced by a UE 102 that is configured to receive downlink signals from cellular networks, such as a 3GPP LTE network or other network . In some embodiments, transmission of uplink signals to cellular networks may be restricted or even impossible. As an example, the UE 102 may comprise a transceiver that is configured to receive signals from cellular networks but not to transmit signals to cellular networks. As another example, the UE 102 may comprise a transceiver that is capable of uplink transmission to a cellular network but may operate in a mode in which such uplink transmission is restricted or even prohibited. As another example, the UE 102 may be configured to operate as a downlink UE 102 for which transmission of uplink signals to cellular networks (such as a 3GPP LTE network or other network) is restricted. In these and other examples, the UE 102 may be configured to perform "downlink only" operation, in which the UE 102 may receive downlink signals from, cellular networks and may refrain from, transmission of uplink signals to cellular networks (and/or generation of uplink signals for such transmission), in some cases. In some embodiments, downlink reception of signals from a cellular network may be possible, uplink reception of signals to the cellular network may be restricted or impossible, and both downlink and uplink communication with other networks and/or devices (such as WLAN, Bluetooth, Zigbee and/or others) may be possible. [0077] In some embodiments, operations of the m ethod 600 and/or other methods described herein may be performed in accordance with a cellular network such as the 3GPP network shown in FIG. 1, the MBMS network shown in FIG. 18 and/or a combination of such networks. In addition, such operations may also be performed, in some embodiments, in accordance with a cellular network that may include components from one or more of the figures herein, including but not limited to FIGs. 1, 7-13, and 18. In some embodiments, the cellular network may include additional components, some of which may not necessarily be shown in those figures.

[0078] At operation 605 of the method 600, the UE 102 may store one or more keys. In some embodiments, the keys may be used as part of a reception of data services. As a non-limiting example, such data services may be received from a 3GPP LTE network. The keys may be pre-stored in memory at the UE 102, in some embodiments, although the scope of embodiments is not limited in this respect. In some cases, the keys may be delivered to the UE 102 using any suitable technique, and may be stored in memory. The memory may include internet protocol (IP) multimedia services identity module (ISIM), universal subscriber identity module (USIM), secure storage and/or other storage, in some cases.

Θ079] Non-limiting examples of keys that may be used for the data service may include decryption keys, traffic keys, service keys and/or other keys. For instance, a Multimedia Broadcast Multicast Service (MBMS) service key (MSK), an MBMS traffic key (MTK) and/or other key related to MBMS may be used.

[0080] At operation 610, the UE 102 may determine whether a downlink data service is available. As an example, the UE 102, may determine whether a particular data service is available. For instance, the UE 102 may make the determination in response to a user input that indicates a desire to receive the particular data service. As another example, the UE 102 may determine one or more data services that are available. In some embodiments, one or more messages (such as control messages or other messages) may be received on a cellular link from an eNB 104 of a 3GPP LTE network. Such messages may indicate one or more available data services from the 3GPP LTE network. Such messages may be broadcast messages, in some embodiments, but the scope of embodiments is not limited in this respect. As a non-limiting example, the downlink data service may be or may include enhanced Multimedia Broadcast Multicast Sen' ice (eMBMS). However, embodiments are not limited to eMBMS sen-ices, and other data sen/ices may be used in some cases.

[0081 J At operation 615, the UE 102 may whether one or more keys

(such as service keys, traffic keys and/or other keys) are valid for usage with one or more downlink data services, in some embodiments, a validity of a group of decryption keys stored at the UE 102 for an eMBMS data service may be determined. As an example, the UE 102 may determine whether a service key is expired based at least partly on a back-off timer for the sen/ice key. As another example, the UE 102 may attempt to decrypt a downlink data packet using a traffic key, and may determine whether the service key is valid based on whether the attempted decryption is successful.

[0082] At operation 620, the UE 102 may determine an availability of

APs and or WLANs. In some embodiments, the UE 102 may monitor for WLAN signals as part of the determination. As an example, the UE 102 may monitor for potential connectivity to a WLAN and/or non-cellular network. For instance, the UE 102 may attempt to receive a beacon signal and/or other signal from such a network. When such connectivity is available, the UE 102 may perform operations such as requesting keys, updating keys and/or other operations. As an example, a request for a sendee key may be transmitted when it is determined that an AP is available.

[0083] In some embodiments of the method 600 and/or other methods described herein, a non-cellular network may be external to a cellular network. For instance, the UE 102 may communicate with a WLAN that may be external to a 3GPP LTE network from which the UE 102 may receive signals.

[0084] At operation 625, the UE 102 may transmit, to an AP, a setup message for a non-cellular link between the UE 1 2 and the AP, In some embodiments, the setup message may be transmitted in accordance with a WLAN protocol, although the scope of embodiments is not limited in this respect. In some embodiments, the UE 102 may setup a connection with the 3GPP LTE network, such as a hyper text transfer protocol (HTTP) connection and/or oilier connection, for which the non-cellular link may be included and/or used. In such a connection, the AP may operate as a relay between the UE 102 and the 3GPP LTE network. Accordingly, the AP may exchange signals with the UE 102 on the non-cellular link. Messages and other information may be sent by the UE 102 to the AP for forwarding to the 3 GPP LTE network, in some cases. As a non-limiting example, the AP may forward requests, messages and/or other information to a broadcast multicast service center (BM-SC) 500 of the 3 GPP LTE network.

[0085] As an example, the UE 102 may transmit the setup message for the non-cellular link when one or more events occur, including but not limited to determination that the connectivity to the WLAN is possible, determination that one or more keys are invalid and/or other events.

[0086] It should be noted that although the UE 102 may communicate with an AP and/or WLAN over the non-cellular link in some embodiments, the scope of embodiments is not limited in this respect. It is understood that in some embodiments, the UE 102 may communicate over a non-cellular link with other devices and/or networks, and may use other techniques (such as Bluetooth, Zigbee and/or others) for such communication . Accordingly, some or all operations described as part of the method 600 and/or others, such as the transmission of a setup message to the AP, reception of messages from the AP that include security information, monitoring for an availability of the AP and/or oilier operations may be performed using other devices and/or networks in some embodiments.

[0087] At operation 630, the UE 102 may transmit, to the AP, a request for a service key for the downlink data service. At operation 635, the UE 102 may receive, from the AP, a first security control message. As a non-limiting example, the first security control message may be or may include an HTTP 401 WWW-Authenticate message or similar message. At operation 640, the UE 102 may determine the service key based on the first security control message. In some embodiments, the exchanging of messages, such as those in operations 630, 635 and/or others, may be performed in accordance with a WLAN protocol. As an example, the request for the sen/ice key may be transmitted when it is determined that a stored sen-ice key is expired. Accordingly, die request may be for an updated se dee key, and the sendee key determined at operation 640 may be an updated sendee key. As another non-limiting example, the request may be for an initial sendee key for a particular data service that is to be received.

[0088J The first security control message may be based on the service key, in some cases. For instance, the first security control message may include the sendee key and/or an encrypted version of the sendee key. In some cases, the UE 102 may use another key to decrypt the first security control message to generate the sendee key.

[0089] At operation 645, the UE 102 may receive a second securit ⁷ control message from the eNB 104. At operation 650, the UE 102 may decrypt, m accordance with the sendee key, the second security control message to determine a traffic key. At operation 655, the UE 102 may receive, from the eNB 104, one or more downlink data packets as part of the data, service. At operation 660, the UE 102 may decrypt, in accordance with the traffic key, the data packets.

[0090] In some embodiments, the second security control message and/or the data packets may be received over a cellular link with the eNB 104. As an example, the second security control message and/or the data packets may be received in accordance with a 3GPP LTE protocol. In some cases, such as when it is determined one or more previously stored keys are expired, the sendee key and/or traffic key may be an updated key.

[0091] It should also be noted that embodiments are not limited to exchanging of messages related to keys between the UE 102, eNB 104 and AP. In some embodiments, messages related to other aspects of security and/or authentication may be exchanged. For instance, the UE 102 may be configured to operate as a downlink UE 102 and may exchange such messages with the AP (including uplink transmissions from the UE 102 to the AP) and may receive such messages on the downlink from the eNB 104. The downlink messages received from the eNB 104 may include broadcast messages and/or dedicated messages,

[0092] FIG. 7 illustrates example architectures in accordance with some embodiments. FIGs. 8-11 and 13 illustrate example flow diagrams for methods of providing security in accordance with some embodiments. FIG. 12 illustrates example connections between a UE and a cellular network in accordance with some embodiments. FIGs. 14 and 15 illustrate operation of other methods of communication in accordance with some embodiments. It should be noted that the examples shown in FIGs. 7-15 may illustrate some or all concepts and/or techniques described herein, but embodiments are not limited by the examples shown in FIGs. 7-15 in terms of number, type, arrangement or other aspects of the components and operations shown. Some embodiments may include one or more components shown in any of FIGs. 7-15, and some embodiments may include other components. Some embodiments may include one or more operations shown in any of FIGs. 7-15, and some embodiments may include other operations.

[0093] Referring to FIG . 7, the example implementation 700 may use a non-cellular uplink connection 710 for security and authentication to receive eMBMS services. In some embodiments, a connection access management (CAM) entity 705 may cover the LTE and/or non-cellular policies. That is, the CAM 705 may ensure whether an LTE or non-cellular link is used at startup and that the LTE downlink connection is established in some cases. In the example implementation 750, security and authentication information (such as keys and/or other) may be pre-stored. In some embodiments, a downlink-only modem 765 may be utilized. In some embodiments, an uplink connection may not be used. The security and authentication keys may be pre-stored in UICC and/or NVM 760. In some cases, the security and authentication keys may be updated (using the modem 765) upon a change of security keys.

[0094] As indicated by (1) in FIG. 8, upon request from an loT application and/or a request from a device user, a CAM entity 823 may determine whether eMBMS service is to be received by the device. As an example, a phone/tablet user may also request the eMBMS service, in some cases. In some embodiments, the request may be automatically generated, such as by machine logic. For instance, a secure meter may receive a software update at a pre-defined time period. As indicated by (2) in FIG. 8, the CAM 823 may send an 'eMBMS Service availablity Request' message (and/or similar message) to the LTE modem 824 to determine whether the interested eMBMS sen-ices transmitted by cellular network are available or unavailable. As indicated by (3) in FIG. 8, the LTE modem 824 may perform 3GPP procedures to receive eMBMS related downlink signalling. The LTE modem 824 may determine the list of eMBMS sendees from eMBMS signalling and may send an eMBMS sen- ices list to the C AM 823. As indicated by (4) in FIG. 8, upon receiving the list of eMBMS sen-ices from the LTE modem 824, the CAM 823 may determine whether to proceed for receiving eMBMS service(s) or not.

[0095J As indicated by (5) in FIG. 8, the CAM 823 may send a 'non- cellular link request' (and/or similar message) to non-cellular entities 821 present in the loT device 820. For instance, multiple entities, such as USB, Bluetooth and/or others, may be present in the IoT device 820. As indicated by (6) in FIG. 8, upon determining whether the non-cellular link is successful, the non-cellular link entity 815 may send a message to indicate such success or failure to the CAM 823. As indicated by (7) in FIG. 8, the CAM 823 may perform one or more uplink operations, such as sending an 'eMBMS interest indication' (and/or similar message) to the BM-SC (included in 810). For instance, the IP address, port and other parameters to setup an IP connection may be present in SDP (Service Description Protocol), and related messages may be used. As indicated by (8) in FIG. 8, an eMBMS keys may have been stored in a 1 ICC or NVM entity from previous operations or at bootup. The eMBMS security mechanism entity in the CAM 823 may determine if security procedures need to be executed, based on a validity of stored keys and/or other factors.

[0096J As indicated by (9) in FIG. 8, upon determining whether security and/or authentication are to be performed, the eMBMS security mechanism entity may execute security procedures with the eMBMS network 810 using the non-cellular link. It should be noted that MTKs may be typically received in one of the eMBMS services using the downlink-only modem 824. As indicated by (10) in FIG. 8, upon successful execution of security procedures, the eMBMS security mechanism entity may store eMBMS security keys in the UICC or NVM for future purpose. It should be noted that in case the MTK (EMBMS Traffic Keys) changes dynamically, these keys may be received over the eMBMS channel, and uplink may not be needed. As indicated by (11) in FIG. 8, the CAM 823 may initiate an eMBMS service request in order for the modem 824 to start receiving eMBMS traffic. As indicated by (12) in FIG. 8, the modem 824 may receive eMBMS traffic data and may send it to upper layers. As indicated by (13) in FIG. 8, the CAM 823 may perform the security procedures in coordination with the UICC/NVM. As indicated by (14) in FIG. 8, the loT device 820 may start to consume eMBMS services.

[0097] FIG. 9 shows an example eMBMS security architecture from an end-to-end perspective. In some embodiments, procedures that may be used by a dedicated point-to-point (PTP) link may be performed using a non-cellular link 925. In some embodiments, procedures that may be used by an eMBMS link (Point-to-Multipoint) may be performed by a downlink-only modem using a cellular link 935. Figure 10 shows an example flow diagram 1000 of an eMBMS security and authentication mechanism . It should be noted that, in some embodiments, a PDN connection may use an LTE modem, which may not necessarily be restricted to downlink-only operation, to communicate with the BSF 1015 and/or BM-SC 1010. In some embodiments, multimedia internet keying (MIKEY) messages, which may be included in a 3GPP standard and/or other standard in some embodiments, may be used by the BM-SC 1010 on a dedicated PDN connection to deliver MSKs to the UE 1020.

[Θ098] FIG. 11 shows another example flow diagram in accordance with some embodiments. In some embodiments, a PDN connection may not be available when the UE 102 (or loT device 1120) includes a downlink-only modem 1123. In some embodiments, a method of communication between the BSF 1115, die BM-SC 11 10 and the loT Device 1120 may use any or all of the operations described below. In some embodiments, additional operations and/or similar operations may be used. As indicated by (1) in FIG, 1 1, a BSF address may be determined using suitable techniques, including but not limited to legacy techniques. As indicated by (2) in FIG. 1 1, the CAM 1 122 may determine whether a bootstrap needs to be executed. In some cases, the operation indicated by (5) in FIG. 1 1 (to be described below) may be utilized to setup a connection with BM-SC 1 1 10. The CAM 1 122 may- setup a TLS tunnel between the CAM 1 122 and a network element such as the BSF 1 1 15. A non-cellular link may be utilized for this purpose using the BSF fully qualified domain name, in some cases. FIG . 12 shows examples of communication links between CAM 1220, BSF 1205, and BM-SC 1210. As indicated by (3) in FIG. 1 1, a bootstrap method may be executed as per legacy functionality using a new non-cellular link. An IOT device may have a B-TID as the outcome of the bootstrap method. As indicated by (4) in FIG. 1 1, BM-SC IP address and port information may be received in SDP and/or a legacy procedure. The CAM 1 122 may determine BM-SC IP information to setup an IP connection to BM-SC.

[0099] As indicated by (5) in FIG. 1 1, the UE 102 and the BM-SC

1 1 10 may setup an IP link through non-cellular means. It should be noted that in some cases, such as in a current 3GPP specification, a PDN connection may be setup at this point. Since PDN connection cannot be available using non-cellular link, a method of using an IP link may be used. As indicated by (6) and (7) in FIG. 1 1 , legacy HTTP digest messages may be executed over a non-cellular link. The non-cellular link may be independent of HTTP messages. As indicated by (8) in FIG . 1 1, since a PDN connection may not be available, usage of a MIKEY message may not be applicable in this case. Accordingly, operations for communication of MSKs from BM-SC 1 110 to IOT device 1 120 may be used, as shown in FIG 13.

[00100] As indicated by ( 1) in FIG. 13, one or more of the following authentication mechanisms may be utilized between an loT device 1320 and the BM-SC 1310 over a non-cellular link before using HTTP messages - a) shared key-based UE authentication (HTTP Digest) with certificate-based NAF authentication (TLS), b) shared key-based mutual authentication between UE and NAF (PSK TLS), c) certificate based mutual authentication between UE and AS. In some embodiments, the usage of TLS as in (a) may be used as the UE 102 (or loT device 1320) and the BM-SC 1310 may already be using HTTP digest for other messages. Therefore, a similar mechanism may be extended for MSKs in some cases. In some embodiments, an HTTP 401 WWW-Authenticate message (or similar message) may be utilized to deliver the list of MSKs. In some embodiments, the CAM 1322 may respond with an HTTP POST (or similar message) as an acknowledgement.

[00101] Referring to FIG. 14, an example key refresh pre-condition is shown. The UE 1400 (which may be an IOT device, in some embodiments) may have already received an MSK and an MTK at least once and may have stored these keys in secure storage.

[00102] Referring to FIG. 15, as indicated by (I) in FIG. 15, the UE 102 may determine whether it is to receive (and/or if it needs to receive) eMBMS services. As indicated by (2) in FIG. 15, the UE 102 may determine whether the stored MSK is good or not for a secured eMBMS service. For that, a back-off timer mechanism may be used, including but not limited to a mechanism defined in a 3GPP standard (such as 33.246 in section 6.3.1 and/or other) and/or other standard. As indicated by (3) in FIG. 15, since a back-off timer is not expired, the UE 102 may attempt to receive secured eMBMS services using a stored MSK. As indicated by (4) in FIG. 15, the UE 102 may check whether it fails to receive eMBMS services using the stored MSK. As indicated by ( 1) in FIG. 15, a back-off timer may be expired. The UE 102 may execute an MSK request procedure using a non-cellular uplink procedure, including but not limited to the procedure shown in FIG. 1 3. As indicated by (6) in FIG. 1 5, the UE 102 may receive secured eMBMS services using the MSK a method of MSK updating is shown.

[00103] FIG. 16 illustrates the operation of another method of communication in accordance with some embodiments. FIG. 17 illustrates the operation of another method of communication in accordance with some embodiments. As mentioned previously regarding the method 600,

embodiments of the methods 1600 and/or 3700 may include additional or even fewer operations or processes in comparison to what is illustrated in FIGs. 16 and 17. Embodiments of the methods 1600 and/or 1700 are not necessarily limited to the chronological order that is shown in FIGs. 16 and 17. In describing the methods 1600 and/or 1700, reference may be made to any of FIGs. 1-17, altliough it is understood that the methods 1600 and/or 1700 may be practiced with any other suitable systems, interfaces and components. In addition, embodiments of the method 1600 and/or 1700 may be applicable to UEs 102, eNBs 104, STAs, APs, BM-SC devices 500 or other wireless or mobile devices. The method 1600 may be applicable to a BM-SC 500 and/or an apparatus for a BM-SC, in some embodiments. The method 1700 may be applicable to an eNB 104, other base station, an apparatus for an eNB 104 and/or apparatus for another base station, in some embodiments.

[00104] It should be noted that one or more operations of the methods 600, 1600 and/or 1700 may be reciprocal to, similar to and/or related to one or more operations included in one of the other methods. As an example, an operation of the method 600 may include reception of a message at a UE 102 from an eNB 104, and an operation of the method 1700 may include

transmission of the same message or similar message by the eNB 1 4. As another example, an operation of the method 600 may include reception of a message at the UE 102 from, an AP operating as a relay for a BM-SC 500, and an operation of the method 1600 may include sending of the same message or similar message by the BM-SC 500 to the AP for forwarding to the UE 102.

[00105] In addition, pre vious discussion of various techniques and concepts may be applicable to the methods 1600 and/or 1700 in some cases, including eMBMS, data, services, service keys, traffic keys, HTTP connections and messages, cellular links, non-cellular links, downlink only operation of a UE 102 m a downlink only mode, restriction of uplink transmissions of the UE 102, and/or others. In addition, some or all aspects of the examples shown in FIGs. 7- 15 may be applicable in some cases. [00106] It should also he noted that in some embodiments, operations of the methods 1600, 700 and/or other methods described herein may be performed in accordance with a cellular network such as the 3GPP network shown in FIG. 1, the MBMS network shown in FIG. 18 and/or a combination of such networks. In addition, such operations may also be performed, in some embodiments, in accordance with a cellular network that may include components from one or more of the figures herein, including but not limited to FIGs. 1 , 7-13, and 18. In some embodiments, the cellular network may include additional components, some of which may not necessarily be shown in those figures.

[00107] At operation 1605, the BM-SC 500 may receive, from an access point (AP) of a wireless local area network (WLAN) operating as a relay for a UE 102, a request for a service key for a downlink data service with an eNB 104 of a 3GPP LTE network. In some embodiments, the BM-SC 500 may be included in the 3GPP LTE network and the request for the sendee key may be received from the AP on a hyper text transfer protocol (HTTP) link between the UE 102 and the 3GPP LTE network for which the AP operates as a relay, altliough the scope of embodiments is not limited in this respect. In some cases, the HTTP link may be established when the UE 102 is a downlink UE 102 for which transmission of uplink signals to the 3GPP LTE network is restricted.

[00108] At operation 1610, the BM-SC 500 may send, to the AP for forwarding to the UE 102, a first security control message based on the service key for the downlink data service. In some embodiments, the first security control message may include the service key and/or an encrypted version of it. At operation 1615, the BM-SC 500 may encrypt, based on the service key, a traffic key for the downlink data service. At operation 1620, the BM-SC 500 may send, to the eNB 104 for forwarding to the UE 102, a second security control message based on the traffic key for the downlink service. In some embodiments, the second security control message may include the traffic key and/or an encrypted version of it. In some embodiments, the downlink data service may include an enhanced Multimedia Broadcast Multicast Service (eMBMS) data service. [00109] At operation 1705 of the method 1700, the eNB 104 may receive, from a BM-SC 500, one or more traffic keys to be used by a group of downlink UEs 102 for a data service. At operation 1710, the eNB 104 may transmit, to the group of downlink UEs 102, a security control message that indicates the traffic keys. At operation 1715, the eNB 104 may refrain from monitoring for uplink messages from the group of downlink UEs 102, Accordingly, it may be known by the eNB 104 that the UEs in the group are configured to operate as downlink UEs, in some cases. At operation 172,0, the eNB 104 may transmit data packets encrypted according to the traffic keys as part of the data sen/ice.

[00110] At operation 1725, the eNB 104 may receive, from another UE

102, not configured as a downlink UE 102, a request for a session key. At operation 1730, the eNB 104 may transmit, to the other UE 102, a control message based on a session key for the other UE 102. At operation 1735, the eNB 104 may transmit, to the other UE 102, a control message based on a traffic key for the other UE 102. It should be noted that embodiments are not limited to transmission of separate control messages for session key and traffic key transmissions to the UE 102 that is not configured as a downlink UE 102. In some cases, combined control messages may be used.

[00111] At operation 1740, the eNB 104 may transmit one or more data packets as part of the data sendee. The data packets may be encrypted in accordance with traffic keys, in some embodiments. In some cases, the data packets may be transmitted using broadcast techniques, although the scope of embodiments is not limited in this respect. As an example, the data packets may be broadcast to multiple UEs 102 configured to operate as downlink UEs 102. As another example, the data packets may be broadcast to multiple UEs 102 configured to communicate with the eNB 104 in both uplink and downlink (for instance, UEs 102 that are not downlink UEs 102). As another example, the data packets may be broadcast to one o THQfC U Es 102 configured to operate as downlink UEs 102 and to one or more UEs 102 configured to communicate with the eNB 104 in both uplink and downlink (for instance, UEs 102 that are not downlink UEs 102). [00112] FIG. 18 illustrates an example architecture for Multimedia

Broadcast Multicast Service (MBMS) for Long Term Evolution (LTE) in accordance with some embodiments. It should be noted that in some embodiments, techniques and/or operations described herein may be implemented by a network such as the example network 1800 shown in FIG. 8. In some embodiments, additional components may be included, including but not limited to components shown in FIG. 1 and/or components shown in other FIGs herein. In addition, some embodiments may not necessarily include all components shown in FIG. 18.

[00113] Embodiments are also not limited to the ordering, arrangement and/or type of components as shown in the example network 1800. In some embodiments, the network 1800 may include one or more components that may^¬ be included in a 3GPP LTE standard and/or other standard. However, the scope of embodiments is not limited in this respect, as other components, which may or may not be included in a standard, may be used in some cases. In addition, various interfaces are shown in FIG. 18 which may enable communication between components. Those interfaces may be included in a 3GPP LTE standard and/or other standard, in some cases, but the scope of embodiments is not limited in this respect. In some embodiments, other suitable interfaces may be used.

[00114] One or more UEs 1815 of a broadcast service area 1810 may- receive broadcast data from one or more eNBs 1805. The eNB 1805 may communicate (either directly or indirectly) with components such as the MCE 1820 and BM-SC 1850 and others, in some embodiments. As shown in the example network 1800, a multi-cell coordination entity (MCE) 1820 may be included in a network and may perform one or more operations and/or control operations related to eMBMS sendees. For instance, the MCE 1820 may be part of a control plane for an eMBMS arrangement, in some embodiments.

[00115] In some embodiments, the BM-SC 1850 may communicate with other networks, such as WLAN networks, non-cellular networks and/or other networks, in accordance with some operations and/or techniques described herein. As an example, the BM-SC 1850 may send messages to a component of another network for forwarding to the UE 1815 (such as a security message that indicates a security key for the UE 815 or other message). As another example, the BM-SC 1850 may receive messages from a component of another network on behalf of the UE 1815 (such as a request for a security key or other message).

[00116] In some embodiments, the MCE 1820 may perform, one or more operations related to admission control, radio resource allocation, counting procedure handling, session control signaling, resumption/suspension of MBMS session(s) and/or other operations. In some embodiments, the MME 1830 may perform one or more operations related to interfaces for session control signaling between the MBMS-GW 1845 and the MCE 1820 and/or other operations. In some embodiments, the content provider 1835 may perform operations related to providing discrete and continuous data, providing sen/ice descriptions and control data, configuration of session and transmission functions (for instance, deliver and/or associated delivery) and/or other operations. In some embodiments, the BM-SC 1850 may perform one or more operations related to user service discovery/announcement functions, confidentiality and integrity protection, forward error correction (FEC), key management functions, file repair, delivery verification and reception and/or other operations. In some embodiments, the MBMS-GW 1 45 may perform one or more operations related to sending/broadcasting MBMS packets to the eNB 1805 (which may use IP multicast in some cases), MBMS session control signaling (such as session start/stop and/or other) towards an E-UTRAN network via the MME 1830 and/or other operations.

[00117] FIG. 19 illustrates an example MBMS scenario in accordance with some embodiments. FIG. 20 illustrates an example MBMS scenario in accordance with some embodiments. FIG. 21 illustrates encryption examples in accordance with some embodiments. It should be noted that in FIG. 21 , an arrow that originates at a first component and terminates at a second component may indicate, in some embodiments, that the second component is protected by and/or encrypted with the first component. As an example, the MUK 21 10 may^¬ be used to encrypt and/or protect the MSKs 2120. As another example, the MSKs 2120 may be used to encrypt and/or protect the MTKs 2130. As another example, the MTKs 2130 may be used to encrypt and/or protect the data 2140.

[00118] In some embodiments, a device (which may be a UE 102 or other device) may comprise a downlink-only LTE modem and non-cellular means for uplink. The device may perform security and authentication procedures to receive eMBMS services. In some embodiments, the device may use one or more other modes of communication available for uplink services in order to perform security and authentication procedures to receive secure eMBMS services. Non-limiting examples of such modes may include WLAN, Wi-Fi, Bluetooth, Zigbee and/or others. In some embodiments, the device may setup an HTTP link with the non-cellular link whenever uplink communication is to be used to communicate to the cellular network. In some embodiments, the device may support an HTTP mode of communication and messages such as an "HTTP 401 WWW- Authenticate message" and/or others to receive MSKs keys from the BM- SC. in some embodiments, the device may support, one or more security and/or authentication procedures without using any uplink connection. In some embodiments, the device may pre-store the security keys in secure storage to receive secure eMBMS services using the pre-stored keys. In some embodiments, the device may update the security keys using downlmk-only modem and may store them in secure storage. In some cases, these keys may be used, at a current time or at a later time, to receive secure eMBMS services.

[00119] In some embodiments, a BM-SC may support an HTTP connection from a non-cellular entity and may support HTTP messaging for eMBMS security and authentication procedures. In some embodiments, the

BM-SC may support secure HTTP connections over the non-cellular link.

Furthermore, the BM-SC may support any or all HTTP messages over that non-cellular link towards a device. In some embodiments, the BM-SC may support an HTTP message, such as an "HTTP 401 WWW -Authenticate message" and/or other, with MS -IDs as parameters to deliver MSKs to a device over a secure link specified. [00120] In some embodiments, a BSF may support an HTTP connection from a non-cellular entity. In some embodiments, the BSF may- support a secure HTTP connection over the non-cellular link. Furthermore, the BSF may support any or all HTTP messages over that non-cellular link towards a device. In some embodiments, the BSF may utilize a secure TLS tunnel for setting up secure HTTP link.

[00121] In Example 1, an apparatus for a User Equipment (UE) may comprise memory. The apparatus may further comprise processing circuitry. The processing circuitry may be configured to encode, for transmission to an access point (AP) in accordance with a wireless local area network (WLAN) protocol, a request for a service key for a downlink data service with an Evolved Node-B (eNB) of a Third Generation Partnership Project (3GPP) Long Term Evolution (LTE) network. The processing circuitry may be further configured to determine the service key based on a first security control message received from the AP. The processing circuitry may be further configured to decrypt, in accordance with the sendee key, a second security control message received from the eNB to generate a traffic key for the downlink data service. The processing circuitry may be further configured to decrypt, in accordance with the traffic key, a downlink data packet received from the eNB in accordance with a 3GPP LTE protocol.

[00122] In Example 2, the subject matter of Example 1, wherein the UE may be configured to operate as a downlink UE for which transmission of uplink signals to the 3GPP LTE network is restricted.

[00123] In Example 3, the subject matter of one or any combination of Examples 1-2, wherein the processing circuitry may be further configured to refrain from generation of uplink signals for tran smission to the 3GPP LTE network.

[00124] In Example 4, the subject matter of one or any combination of

Examples 1-3, wherein the downlink data service may include an enhanced Multimedia Broadcast Multicast Sendee (eMBMS) data sendee. The downlink data packet may include an eMBMS packet. The sendee key may include a Multimedia Broadcast Multicast Sendee (MBMS) service key (MSK), The traffic key may include an MBMS traffic key (MTK),

[00125] In Example 5, the subject matter of one or any combination of

Examples 1-4, wherein the processing circuitry may be further configured to determine an availability of the AP based on a monitoring for WLAN signals. The request for the service key may be generated when it is determined that the AP is available.

[00126] In Example 6, the subject matter of one or any combination of

Examples 1-5, wherein the request for the sendee key may be encoded for transmission to the AP for forwarding to a broadcast multicast service center (BM-SC) of the 3 GPP LTE network.

[00127] In Example 7, the subject matter of one or any combination of

Examples 1 -6, wherein the request for the service key may be encoded for transmission to the AP on a hyper text transfer protocol (HTTP) link between the UE and the 3GPP LTE network for which the AP operates as a relay.

[00128] In Example 8, the subject matter of one or any combination of

Examples 1-7, wherein the first security control message may include an HTTP 401 WWW-Authenticate message.

[00129] In Example 9, the subject matter of one or any combination of Examples 1 -8, wherein the processing circuitr ' may be further configured to determine whether the service key is expired based at least partly on a back-off timer for the service key or whether the decryption of the downli k data packet is successful. The processing circuitrv' may be further configured to encode, for transmission to the AP in accordance with the WLAN protocol, a request for an updated service key for the downlink data sendee when it is determined that the sen ice key is expired.

[00130] In Example 10, the subject matter of one or any combination of

Examples 1 -9, wherein the UE may be configured to operate as an Internet of Things (IoT) device.

[00131] In Example 1 1 , the subject matter of one or any combination of

Examples 1-10, wherein the processing circuitry may include a baseband processor to encode the request for the service key, determine the service key, decrypt the second security control message, and decrypt the downlink data packet.

[00132] In Example 12, the subject matter of one or any combination of

Examples 1-11, wherein the apparatus may include a transceiver to transmit the request for the senice key to the AP, receive the first security control message from the AP, receive the second security control message from the eNB, and receive the downlink data packet from the eNB.

[00133] In Example 13, a computer-readable storage medium may store instructions for execution by one or more processors to perform operations for communication by a User Equipment (UE). The operations may configure the one or more processors to determine, based on a broadcast message received on a cellular link from an Evolved Node-B (eNB) of a Third Generation Partnership Project (3GPP) Long Term Evolution (LTE) network, whether an enhanced Multimedia Broadcast Multicast Service (eMBMS) data service is available. The operations may further configure the one or more processors to determine a validit ' of a group of decryption keys stored at the UE for the eMBMS data service. The operations may further configure the one or more processors to, when it is determined that the group of decryption key s are invalid for the eMBMS data service, generate, for transmission to an access point (AP) in accordance with a wireless local area network (WLAN) protocol, a setup message for a non-cellular link between the UE and the AP. The operations may further configure the one or more processors to, when it is determined that the group of decryption keys are invalid for the eMBMS data, service, determine an updated deciyption key for the eMBMS data service based on a security message received from the AP on the non-cellular link.

[00134] In Example 14, the subject matter of Example 13, wherein the group of decryption keys may include a service key and a traffic key, the updated decryption key is an updated service key, and the security message is a first security message. The operations may further configure the one or more processors to decrypt, in accordance with the updated service key, at least a portion of a second security message to determine an updated traffic key for the eMBMS data service. The operations may further configure the one or more processors to decrypt, in accordance with the updated traffic key, a downlink eMBMS data packet received on the cellular link.

[00135] In Example 15, the subject matter of one or any combination of

Examples 13-14, wherein the group of decryption keys may include a traffic key . The operations may further configure the one or more processors to, when it is determined thai the group of decryption keys are valid for the eMBMS data service, decrypt, in accordance with the traffic key , a downlink eMBMS data packet received on the cellular link.

[00136] In Example 16, the subject matter of one or any combination of Examples 13-15, wherein the security message received on the non-cellular link includes an HTTP 401 WWW-Authenticate message.

[00137] In Example 17, the subject matter of one or any combination of

Examples 13-16, wherein the UE may be configured to operate as a downlink UE for which transmission of uplink signals to the 3GPP LTE network is restricted.

[00138] In Example 18, the subject matter of one or any combination of

Examples 13-17, wherein the setup message may be generated for transmission to the AP for forwarding to a broadcast multicast service center (BM-SC) of the 3GPP LTE network.

[00139] In Example 19, a broadcast multicast service center (BM-SC) may comprise memory. The BM-SC may further comprise processing circuitry. The processing circuitry may be configured to receive, from an access point (AP) of a wireless local area network (WLAN) operating as a relay for a User Equipment (UE), a request for a sendee key for a downlink data service with an Evolved Node-B (eNB) of a Third Generation Partnership Project (3GPP) Long Term. Evolution (LTE) network. The processing circuitry may be further configured to send, to the AP for forwarding to the UE, a first security control message based on die service key for the downlink data service. The processing circuitry may be further configured to encrypt, based on the service key , a traffic key for the downlink data service. The processing circuitry may be further configured to send, to the eNB for forwarding to the LTE, a second security control message based on the traffic key for the downlink service. [00140] In Example 2,0, the subject matter of Example 19, wherein the request for the service key may be received from the AP on a hyper text tra sfer protocol (HTTP) link between the UE and the 3GPP LTE network for which the AP operates as a relay. The first securit ' control message may be sent to the AP on the HTTP link. The HTTP link may be established when the UE is a downlink UE for which transmission of uplink signals to the 3GPP LTE network is restricted.

[00141] In Example 21 , the subject matter of one or any combination of

Examples 19-20, wherein the downlink data service may include an enhanced Multimedia Broadcast Multicast Sen-ice (eMBMS) data service. The downlink data packet may include an eMBMS packet. The service key may include a Multimedia Broadcast Multicast Service (MBMS) sendee key (MSK). The traffic key may include an MBMS traffic key (MTK).

[00142] In Example 22, the subject matter of one or any combination of Examples 19-21, wherein the first security control message may include an HTTP 401 WWW-Authenticate message,

[00143] In Example 23, an apparatus for an Evolved Node-B (eNB) may comprise memory. The apparatus may further comprise processing circuitry. The processing circuitry may be configured to determine that User Equipments (UEs) in a group of UEs are downlink UEs for which uplink transmission to the eNB is restricted. The processing circuitry may be further configured to generate, for a broadcast transmission to the group of UEs, a security control message based on traffic keys to be used by the UEs for an enhanced Multimedia Broadcast Multicast Sendee (eMBMS) data sendee, the traffic keys received from a broadcast multicast sendee center (BM-SC). The processing circuitry may be further configured to generate an eMBMS data packet for a broadcast transmission to the group of UEs as part of the eMBMS data service. The processing circuitry may be further configured to refrain from monitoring for uplink messages from the group of UEs.

[00144] In Example 24, the subject matter of Example 23, wherein the security control message may be a first security control message and the traffic keys may be included in a first group of traffic keys. The processing circuitry may be further configured to determine, based on an uplink message received from another UE not configured as a downlink UE, a request for a session key for the eMBMS data sen/ice. The processing circuitry may be further configured to generate, for transmission to the other UE, a second security control message that indicates the session key. The processing circuitry may be further configured to generate, for transmission to the other UE, a third security control message that indicates another traffic key that is to be used by the other UE with the eMBMS data sen' ice,

[00145] In Example 25, the subject matter of one or any combination of Examples 23-24, wherein the processing circuitry may include a baseband processor to determine that the UEs are downlink UEs, to generate the security control message, and to generate the eMBMS data, packet.

[00146] In Example 26, the subject matter of one or any combination of

Examples 23-25, wherein the apparatus may include a transcei ver to transmit the security control message and to transm it the eMBMS data packet.

[00147] In Example 27, an apparatus for a User Equipment (UE) may comprise means for encoding, for transmission to an access point (AP) in accordance with a wireless local area network (WLAN) protocol, a request for a service key for a downlink data service with an Evolved Node-B (eNB) of a Third Generation Partnership Project (3GPP) Long Term Evolution (LTE) network. The apparatus may further comprise means for determining the service key based on a first security control message received from the AP. The apparatus may further comprise means for decrypting, in accordance with the service key, a second security control message received from the eNB to generate a traffic key for the downlink data service. The apparatus may further comprise means for decrypting, in accordance with the traffic key, a downlink data packet received from the eNB in accordance with a 3GPP LTE protocol .

[00148] In Example 28, the subject matter of Example 27, wherein the UE may be configured to operate as a downlink UE for which transmission of uplink signals to the 3GPP LTE network is restricted.

[00149] In Example 29, the subject matter of one or any combination of

Examples 27-28, wherein the downlink data service may include an enhanced Multimedia Broadcast Multicast Sendee (eMBMS) data sendee. The downlink data packet may include an eMBMS packet. The sendee key may include a Multimedia Broadcast Multicast Sendee (MBMS) sendee key (MSK). The traffic key may include an MBMS traffic key (MTK).

[00150] In Example 30, a broadcast multicast sendee center (BM-SC) may comprise means for receiving, from an access point (AP) of a wireless local area network (WLAN) operating as a relay for a User Equipment (UE), a request for a sendee key for a downlink data sendee with an Evolved Node-B (eNB) of a Third Generation Partnership Project (3GPP) Long Term Evolution (LTE) network. The apparatus may further comprise means for sending, to the AP for forwarding to the UE, a first security control message based on the service key for the downlink data service. The apparatus may further comprise means for encrypting, based on the service key, a traffic key for the downlink data service. The apparatus may further comprise means for sending, to the eNB for fonvarding to the UE, a second security control message based on the traffic key for the downlink service.

[00151] In Example 31, the subject matter of Example 30, wherein the downlink data service may include an enhanced Multimedia Broadcast Multicast Sen ice (eMBMS) data sendee. The downlink data packet may include an eMBMS packet. The sendee key may include a Multimedia Broadcast Multicast Sendee (MBMS) sendee key (MSK). The traffic key may include an MBMS traffic key (MTK),

[00152] The Abstract is provided to comply with 37 C.F.R. Section

1.72(b) requiring an abstract that will allow the reader to ascertain the nature and gist of the technical disclosure. It is submitted with the understanding that it will not be used to limit or interpret the scope or meaning of the claims. The following claims are hereby incorporated into the detailed description, with each claim standing on its own as a separate embodiment.

Claims

What is claimed is: 1. An apparatus for a User Equipment (UE), the apparatus comprising: memory; and processing circuitry, configured to:

encode, for transmission to an access point (AP) in accordance with a wireless local area network (WLAN) protocol, a request for a service key for a downlink data service with an Evolved Node-B (eNB) of a Third Generation Partnership Project (3GPP) Long Term Evolution (LTE) network;

determine the service key based on a first security_' control message received from the AP;

decrypt, in accordance with the service key, a second security control message received from the eNB to generate a traffic key for the downlink data service; and

decrypt, in accordance with the traffic key, a downlink data packet received from the eNB in accordance with a 3GPP LTE protocol.

2. The apparatus according to claim 1, wherein the UE is configured to operate as a downlink UE for which transmission of uplink signals to the 3GPP LTE network is restricted.

3. The apparatus according to claim 1, the processing circuitry- further configured to refrain from generation of uplink signals for transmission to the 3 GPP LTE network.

4. The apparatus according to claim 1, wherein:

the downlink data service includes an enhanced Multimedia Broadcast Multicast Service (eMBMS) data service,

the downlink data packet includes an eMBMS packet,

the sen-ice key includes a Multimedia Broadcast Multicast Service (MBMS) se dee key (MSK), and the traffic key includes an MBMS traffic key (MTK).

5. The apparatus according to claim I, wherein:

the processing circuitry is further configured to determine an availability of the AP based on a monitoring for WLAN signals, and

the request for the sen-ice key is generated when it is determined that the AP is available.

6. Tire apparatus according to claim 1, wherein the request for the service key is encoded for transmission to the AP for forwarding to a broadcast multicast sen'ice center (BM-SC) of the 3GPP LTE network.

7. The apparatus according to claim 1, wherein the request for the service key is encoded for transmission to the AP on a hyper text transfer protocol (HTTP) link between the UE and the 3GPP LTE network for which the AP operates as a relay.

8. The apparatus according to any of claims 1-7, wherein the first security control message includes an HTTP 401 WWW-Authenticate message.

9. The apparatus according to claim 1, the processing circuitry further configured to:

determine whether the service key is expired based at least partly on a back-off timer for the sendee key or whether the deciyption of the downlink data packet is successful: and

encode, for transmission to the AP in accordance with the WLAN protocol, a request for an updated sendee key for the downlink data sendee when it is determined that the sendee key is expired.

10. The apparatus according to claim 1 , wherein the UE is configured to operate as an Internet of Tilings (loT) device.

1 1. The apparatus according to claim 1, wherein the processing circuitry includes a baseband processor to encode the request for the sendee key, determine the sendee key, deciypt the second security control message, and decrypt the downlink data packet.

12. The apparatus according to claim 1, wherein the apparatus includes a transceiver to transmit the request for the service key to the AP, receive the first security control message from the AP, receive the second security control message from the eNB, and receive the downlink data packet from the eNB.

13. A computer-readable storage medium that stores instructions for execution by one or more processors to perform operations for communication by a User Equipment (UE), the operations to configure the one or more processors to:

determine, based on a broadcast message received on a cellular link from an Evolved Node-B (eNB) of a Third Generation Partnership Project (3GPP) Long Term Evolution (LTE) network, whether an enhanced Multimedia Broadcast Multicast Sendee (eMBMS) data service is available;

determine a validity of a group of decryption keys stored at the UE for the eMBMS data service; and

when it is determined that the group of decryption keys are invalid for the eMBMS data sendee:

generate, for transmission to an access point (AP) in accordance with a wireless local area network (WLAN) protocol, a setup message for a non- cellular link between the UE and the AP; and

determine an updated decryption key for the eMBMS data sen'ice based on a security message received from the AP on the non-cellular link.

14. The computer-readable storage medium according to claim 13, wherein: the group of decryption keys includes a service key and a traffic key, the updated decryption key is an updated sen/ice key, and the security message is a first security message, and

the operations are to further configure the one or more processors to: decrypt, in accordance with the updated service key, at least a portion of a second security message to determine an updated traffic key for the eMBMS data service; and

decrypt, in accordance with the updated traffic key, a downlink eMBMS data packet received on the cellular link.

15. The computer-readable storage medium according to claim 13, wherein:

the group of decryption keys includes a traffic key, and

the operations are to further configure the one or more processors to, when it is determined that the group of decryption keys are valid for the eMBMS data service, decrypt, in accordance with the traffic key, a downlink eMBMS data packet received on the cellular link. 6. The computer-readable storage medium according to claim 13, wherein the security message received on the non-cellular link includes an HTTP 401 WWW -Authenticate message.

17. The computer-readable storage medium according to claim 13, wherein the UE is configured to operate as a downlink UE for which transmission of uplink signals to the 3GPP LTE network is restricted.

18. The computer-readable storage medium according to claim 13, wherein the setup message is generated for transmission to the AP for forwarding to a broadcast multicast service center (BM-SC) of the 3GPP LTE network.

19. A broadcast multicast service center (BM-SC), comprising: memory; and processing circuitr -, configured to:

receive, from an access point (AP) of a wireless local area network (WLAN) operating as a relay for a User Equipment (UE), a request for a service key for a downlink data service with an Evolved Node-B (eNB) of a Third Generation Partnership Project (3GPP) Long Term Evolution (LTE) network; send, to the AP for forwarding to the UE, a first security control message based on the service key for the downlink data service;

encrypt, based on the sendee key, a traffic key for the downlink data service; and

send, to the eNB for forwarding to the UE, a second security control message based on the traffic key for the downlink sendee.

20. The BM-SC according to claim 19, wherein:

the request for the sendee key is received from the AP on a hyper text transfer protocol (HTTP) link between the UE and the 3GPP LTE network for which the AP operates as a relay,

the first security control message is sent to the AP on the HTTP link, the HTTP link is established when the UE is a downlink UE for which transmission of uplink signals to the 3GPP LTE network is restricted.

21. The BM-SC apparatus according to claim 19, wherein:

the downlink data service includes an enhanced Multimedia Broadcast Multicast Service (eMBMS) data sendee,

the downlink data packet includes an eMBMS packet,

the sendee key includes a Multimedia Broadcast Multicast Sendee (MBMS) sendee key (MSK), and

the traffic key includes an MBMS traffic key (MTK). 22. The BM-SC according to claim 19, wherein the first security control message includes an HTTP 401 WWW- Authenticate message.

2.3. An apparatus for an Evolved Node-B (eNB), the apparatus comprising: memory; and processing circuitry, configured to:

determine that User Equipments (UEs) in a group of UEs are downlink UEs for which uplink transmission to the eNB is restricted;

generate, for a broadcast transmission to the group of UEs, a security control message based on traffic keys to be used by the UEs for an enhanced Multimedia Broadcast Multicast Service (eMBMS) data service, the traffic keys received from a broadcast multicast service center (BM-SC);

generate an eMBMS data packet for a broadcast transmission to the group of UEs as part of the eMBMS data sen-ice; and

refrain from monitoring for uplink messages from, the group of UEs.

24. The apparatus according to claim 23, wherein:

the security control message is a first security control message and the traffic keys are included in a first group of traffic keys;

the processing circuitry is further configured to:

determine, based on an uplink message received from another UE not configured as a downlink UE, a request for a session key for the eMBMS data service;

generate, for transmission to the other UE, a second security control message that indicates the session key ; and

generate, for transmission to the other UE, a third security control message that indicates another traffic key that is to be used by the other UE with the eMBMS data sen-ice.

25. The apparatus according to claim 23, wherein the processing circuitry includes a baseband processor to determine that the UEs are downlink UEs, to generate the security control message, and to generate the eMBMS data packet.

26. The apparatus according to claim 23, wherein the apparatus includes a transceiver to transmit the security control message and to transmit the eMBMS data packet.