US2017195877A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2017195877-A1 |
| Application number | US-201514892461-A |
| Country | US |
| Kind code | A1 |
| Filing date | Aug 17, 2015 |
| Priority date | Aug 17, 2015 |
| Publication date | Jul 6, 2017 |
| Grant date | — |
Official abstract text for this publication.
A method, performed by a User Equipment device (UE), for obtaining a key for direct communication with a device over an air interface, wherein the UE has previously acquired a transaction identifier received from a Bootstrapping Server Function (BSF) in a Generic Bootstrapping Architecture (GBA) procedure, is provided. The method comprises storing the transaction identifier, sending the transaction identifier to the device and requesting key generation for direct communication with the device. If the transaction identifier is invalid, the method further comprises receiving from the device a device identifier and key generation information, deriving a session shared key from at least the key generation information, and deriving a direct communication key from at least the session shared key and the device identifier.
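The key hierarchy described in the abstract and in claims 23 to 25, modelled end to end as an added example that is not taken from the patent. HMAC-SHA256 stands in for the unspecified key derivation function, GPI is modelled as a random value, and every identifier, key and MAC input is constructed.

```python
import hashlib
import hmac
import os

def kdf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Stand-in KDF: HMAC-SHA256 over length-prefixed inputs (assumption, not the 3GPP KDF)."""
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class BSF:
    """Holds one long-term secret per public UE identifier; issues GPI and session shared key."""
    def __init__(self, subscribers):
        self.subscribers = subscribers
    def push(self, public_ue_id: str):
        gpi = os.urandom(16)  # GPI modelled as a fresh random value (assumption)
        return gpi, kdf(self.subscribers[public_ue_id], b"session", gpi)

class DirectCommunicationElement:
    def __init__(self, bsf, btid_to_ue):
        self.bsf, self.btid_to_ue = bsf, btid_to_ue  # B-TIDs stored from earlier GBA runs
    def provide_key(self, btid: str, device_id: bytes):
        # The invalid B-TID no longer selects a key but still identifies the UE;
        # an unknown B-TID raises KeyError and no key is issued.
        public_ue_id = self.btid_to_ue[btid]
        gpi, session_key = self.bsf.push(public_ue_id)
        return kdf(session_key, b"direct", device_id), gpi

class UE:
    def __init__(self, long_term_key: bytes, stored_btid: str):
        self.k, self.btid = long_term_key, stored_btid
    def derive(self, gpi: bytes, device_id: bytes) -> bytes:
        session_key = kdf(self.k, b"session", gpi)      # from key generation information
        return kdf(session_key, b"direct", device_id)   # bound to the device identifier

def run_exchange(device_id: bytes):
    k = b"\x11" * 32  # constructed long-term secret shared by UE and BSF
    btid = "expired-btid@bsf.example"  # constructed, treated as invalid
    dce = DirectCommunicationElement(BSF({"ue-public-1": k}), {btid: "ue-public-1"})
    ue = UE(k, btid)
    # UE -> device: stored B-TID; device -> DCE: B-TID plus its own device identifier
    dc_key_device, gpi = dce.provide_key(ue.btid, device_id)
    # device -> UE: device identifier, GPI and a MAC (MAC input layout is an assumption)
    mac = hmac.new(dc_key_device, device_id + gpi, hashlib.sha256).digest()
    dc_key_ue = ue.derive(gpi, device_id)
    expected = hmac.new(dc_key_ue, device_id + gpi, hashlib.sha256).digest()
    return dc_key_ue, dc_key_device, hmac.compare_digest(mac, expected)

if __name__ == "__main__":
    print(run_exchange(b"relay-A")[2])
```

Because the device identifier is an input to the final derivation, the same GPI yields a different direct communication key for a different device.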
Opening claim text (preview).
1. A method, performed by a User Equipment device, UE, for obtaining a key for direct communication with a device over an air interface, wherein the UE has previously acquired a transaction identifier received from a Bootstrapping Server Function, BSF, in a Generic Bootstrapping Architecture, GBA, procedure, the method comprising: storing the transaction identifier, sending the transaction identifier to the device and requesting key generation for direct communication with the device; if the transaction identifier is invalid, the method further comprises: receiving from the device a device identifier and key generation information, deriving a session shared key from at least the key generation information, and deriving a direct communication key from at least the session shared key and the device identifier.

2. A method as claimed in claim 1, wherein the invalid transaction identifier is used as an identifier of the UE.

3. A method as claimed in claim 1, wherein the interface comprises a Proximity Services, ProSe, interface.

4. A method as claimed in claim 1, further comprising discovering the device through a discovery procedure.

5. (canceled)

6. A method as claimed in claim 1, wherein the UE further sends a direct communication element identifier, direct key set identifier, DKSI, a list of security algorithms supported by the UE, and a nonce generated by the UE, to the device.

7. A method as claimed in claim 6, further comprising receiving a Message Authentication Code, MAC, with the device identifier and key generation information, wherein the MAC is generated using the direct communication key or a key derived from the direct communication key.

8. A method as claimed in claim 7, further comprising receiving the DKSI, lifetime, at least one security algorithm chosen by the device from the list of security algorithms, said list of security algorithms supported by the UE and a nonce generated by the device together with the MAC, device identifier and key generation information.

9.-10. (canceled)

11. A method as claimed in claim 1, wherein the UE cannot initiate another GBA bootstrapping procedure.

12. A method as claimed in claim 1, wherein the UE does not comprise a valid shared secret with a Bootstrapping Server Function, BSF.

13. A method, performed by a device, for obtaining a key for direct communication with a User Equipment device, UE, over an air interface, the method comprising: receiving from the UE an invalid transaction identifier and a request to obtain a direct communication key; sending to a Direct Communication Element the transaction identifier and a device identifier, and requesting the Direct Communication Element to provide the device with the direct communication key; and receiving the direct communication key and key generation information from the Direct Communication Element; and sending the key generation information and the device identifier to the UE.

14. A method as claimed in claim 13, wherein the invalid transaction identifier is used as an identifier of the UE.

15. A method as claimed in claim 13, wherein the interface comprises a Proximity Services, ProSe, interface, and the Direct Communication Element comprises at least one of ProSe Function, a ProSe Key Management Function or a ProSe Key Management Server.

16. A method as claimed in claim 13, further comprising discovering the UE through a discovery procedure.

17. (canceled)

18. A method as claimed in claim 13, wherein the device further receives from the UE a direct communication element identifier, a direct key set identifier, DKSI, a list of security algorithms supported by the UE and a nonce generated by the UE.

19. A method as claimed in claim 17, wherein the device further sends to the UE the DKSI, a lifetime, at least one security algorithm chosen from the list of security algorithms supported by the UE, said list of security algorithms supported by the UE and a nonce generated by the device.

20.-22. (canceled)

23. A method, performed by a Direct Communication Element, for establishing a key for direct communication over an interface between a User Equipment device, UE, and a device, the method comprising: receiving from the device a transaction identifier, a device identifier, and a request to provide a direct communication key to the device; determining if the transaction identifier is invalid, if the transaction identifier is invalid, the method further comprises using the transaction identifier to identify the UE, sending a request to a bootstrapping server function, BSF, for key generation information and a session shared key from, and receiving said key generation information and session shared key from the BSF, deriving a direct communication key from at least the session shared key and the device identifier sending the direct communication key and the key generation information to the device.

24. A method as performed in claim 23, wherein using the transaction identifier to identify the UE comprises the direct communication element matching the transaction identifier with a stored transaction identifier from a previous Generic Bootstrapping Architecture procedure.

25. A method as claimed in claim 24, further comprising mapping the matched transaction identifier to a public UE identifier and sending the public UE identifier to the BSF.

26. (canceled)

27. A method as claimed in claim 23, wherein the interface comprises a Proximity Services, ProSe, interface, and the Direct Communication Element comprises at least one of a ProSe Function, a ProSe Key Management Function or a ProSe Key Management Server.

28. (canceled)

29. A method as claimed in claim 23 wherein the device comprises at least one of: a UE; a UE-to-Network Relay.

30. A method as claimed in claim 23, wherein the key generation information comprises Generic Bootstrapping Architecture Push Information, GPI and the transaction identifier is a bootstrapping transaction identifier, B-TID.

31. (canceled)

32. A system for securing direct communication between a User Equipment device, UE, and a device over an interface, the system comprising a UE, a device and a Direct Communication Element; wherein the UE comprises means for sending an invalid transaction identifier to the direct communication element via the device, and the direct communication element comprises means for using the invalid transaction identifier to identify the UE, the direct communication element further comprises means for obtaining a session shared key and Generic Bootstrapping Architecture Push Information, GPI, deriving a direct communication key from at least the session shared key, and sending the direct communication key and the GPI to the device, wherein the device comprises means for sending the GPI to the UE, and wherein the UE comprises means for deriving the session shared key from at least the GPI and to derive the direct communication key from the session shared key.

33.-68. (canceled)

69. A User equipment device, UE, for obtaining a key for direct communication with a device over an interface, the UE comprising a processor and a memory, said memory containing instructions that when executed cause the UE to; store a transaction identifier obta