Selection and use of a security agent for device-to-device (d2d) wireless communications

1 - 35 . (canceled) 36 . A method comprising: detecting, by a base station (BS), a failure of an interface between the BS and a core network; sending, by the BS, a failure notification message to one or more mobile stations (MSs) of a cell indicating the failure of the interface between the BS and the core network; selecting, by the BS, one or more of the MSs to be a security agent (SA); and sending a SA configuration message to one or more of the MSs, the SA configuration message including a service identification identifying one or more services, one or more user group IDs identifying one or more user groups for which the MS has been configured as a security agent to perform the one or more identified services, and a BS access key to allow one or more other MSs to access or establish a connection with the BS. 37 . The method of claim 36 further comprising: receiving, by the BS, a security agent (SA) notification from one or more of the MSs, the SA notification including at least a service profile identifying one or more services that the MS can perform for one or more device-to-device (D2D) MSs, and one or more user group IDs that identify one or more user groups of which the MS is a member. 38 . The method of claim 37 wherein the security agent (SA) notification comprises a capability indication that indicates that the MS is capable of performing the one or more services identified by the service profile. 39 . The method of claim 37 wherein the security agent (SA) notification comprises a SA notification that indicates that the MS has been preconfigured to perform the one or more services identified by the service profile. 40 . The method of claim 37 wherein the service profile identifying one or more services that the MS can perform for one or more device-to-device (D2D) MSs identifies one or more of a cluster head service and a security agent service, wherein the cluster head service is provided for a D2D cluster, and the security agent service is provided for one or more D2D MSs. 41 . The method of claim 36 wherein the service identification included in the SA configuration message identifies that the MS has been configured as a cluster head for one or more identified user groups. 42 . The method of claim 36 wherein the service identification included in the SA configuration message identifies that the MS has been configured as a security agent for one or more identified user groups. 43 . The method of claim 36 further comprising: receiving at the BS from one or more of the MSs a SA configuration confirm message confirming the configuration of the MS as a security agent to perform at least one of the services for one or more user groups. 44 . The method of claim 36 further comprising: broadcasting, by the BS, a SA advertisement message to one or more MSs, the SA advertisement message identifying at least cell resources to be used by the selected security agent to transmit reference and/or beacon signals for synchronization and proximity discovery. 45 . The method of claim 36 further comprising: broadcasting, by the BS, a SA advertisement message to one or more MSs, the SA advertisement message identifying at least cell resources to be used by the selected security agent to transmit reference and/or beacon signals for synchronization and proximity discovery and one or more user group IDs that identify user groups associated with the reference signal resources. 46 . The method of claim 36 , wherein the MS comprises a first MS, the method further comprising: receiving, by the BS, a connection establishment request from a second MS that includes one or more fields, at least one of the fields being encrypted using the BS access key; authenticating the second MS based on the encrypted field and the BS access key; sending, by the BS to the second MS, a connection establishment response indicating that the requested connection to the BS has been established. 47 . The method of claim 36 , wherein the MS comprises a first MS, the method further comprising: receiving, by the BS, a connection establishment request from a second MS that includes a plurality of fields including at least a MSID and a user group for which the second MS is a member, at least one of the fields being encrypted using a user group key associated with the user group for which the second MS is a member; associating the user group in the connection establishment request with the first MS; sending, based on the associating, an authentication request from the BS to the first MS, the authentication request including at least the field encrypted based on the user group key; receiving, by the BS from the first MS, an authentication response indicating that the second MS is authenticated and permitted to establish a connection to the BS, the first MS authenticating; and sending, by the BS to the second MS, a connection establishment response indicating that the requested connection to the BS has been established based on the authentication response. 48 . An apparatus comprising at least one processor and at least one memory including computer instructions, when executed by the at least one processor, cause a base station (BS) at least to: detect a failure of an interface between the BS and a core network; send a failure notification message to one or more mobile stations (MSs) of a cell indicating the failure of the interface between the BS and the core network; select one or more of the MSs to be a security agent (SA); and send a SA configuration message to one or more of the MSs, the SA configuration message including a service identification identifying one or more services, one or more user group IDs identifying one or more user groups for which the MS has been configured as a security agent to perform the one or more identified services, and a BS access key to allow one or more other MSs to access or establish a connection with the BS. 49 . The apparatus of claim 48 , wherein the least one memory and the computer program instructions are configured to, with the at least one processor, cause the BS at least to: receive a security agent (SA) notification from one or more of the MSs, the SA notification including at least a service profile identifying one or more services that the MS can perform for one or more device-to-device (D2D) MSs, and one or more user group IDs that identify one or more user groups of which the MS is a member. 50 . The apparatus of claim 49 , wherein the security agent (SA) notification comprises a capability indication that indicates that the MS is capable of performing the one or more services identified by the service profile or a SA indication that indicates that the MS is capable of performing the one or more services identified by the service profile. 51 . The apparatus of claim 48 , wherein the service identification included in the SA configuration message identifies that the MS has been configured as a cluster head for one or more identified user groups or that the MS has been configured as a security agent for one or more identified user groups. 52 . An apparatus comprising at least one processor and at least one memory including computer instructions, when executed by the at least one processor, cause a mobile station (MS) at least to: receive, from a base station (BS), a failure notification message indicating a failure of a BS-core network interface; send, to the BS, a security agent (SA) notification, the SA notification including at least a MSID identifying the MS, a service profile identifying one or mor