Generally when a user equipment (UE) in a connected state moves from one cellular access node such as an eNB to another, new security/encryption keys are used after the changeover. At the same time, more ubiquitous wireless local area networks WLANs in combination with the public's increasing awareness of communications security has driven greatly improved security for IEEE 802.11 type radio access technologies. Future implementations of the LTE cellular radio access technology are to include LTE-WLAN aggregation (LWA) in which a cellular eNB can route some of the traffic (PDCP PDUs) for a given UE's bearer to a WLAN access point (AP) to which the UE has a simultaneous connection. In LWA there is a wireless termination (WT) which is a logical node that terminates the Xw interface and is in control of one or more WLAN APs, so a given UE's WLAN connection can hand over from one AP to another without the UE changing its WT, depending on the APs involved. Similarly, in LWA it is also possible for the UE's cellular connection to hand over from one eNB to another without changing its WT; this can occur even when the UE's WLAN connection is also handed over to another AP so long as the source and target APs are under the same WT.
With respect to LWA in Rel-13 of LTE, at the eNB handover the LWA configuration of the source eNB is released and the UE should release any existing encryption keys it has. This is because the relevant encryption keys, including the key S-KWT which is a WLAN security key used for the cellular link, are based on the eNB-specific key KeNB which in this handover case would be associated with the source eNB that the UE is no longer associated to after the hand over. The target eNB would then send a brand new LWA configuration with its own KeNB to the UE after the handover. If the target eNB wishes to use eNB-based WLAN authentication it would have to include a parameter called WT counter as part of the new LWA configuration it gives to the UE since this is used along with the parameter KeNB to derive the key S-KWT that is also used for WLAN authentication (in this regard it functions similar to the IEEE pairwise master key PMK). The UE will then compute the key S-KWT based on the KeNB of the target eNB, and also based on the WT counter parameter in the new LWA configuration the target eNB signals to the UE. The same applies to the packet data convergence protocol (PDCP) encryption keys since the PDCP ciphering key also changes upon handover based on the eNB-specific value KeNB. The PDCP ciphering key enables the WT and AP to send to the UE packets that are forwarded to the WT from the eNB.
While the above eNB-based WLAN authentication method that is defined in the Rel-13 LWA specifications of LTE is intended to be faster than legacy authentication methods based on EAP/AKA 802.1x/AAA (and may in fact be faster), the invention herein can improve that speed of authentication even further as set forth below. While LWA is the specifically described example the broader teachings herein are not limited only to the LWA radio technology environment. For example, the development of 5G cellular radio access technologies is expected to have a cellular-WLAN integration for simultaneously serving a given UE and it is certain to include robust security features to which these teachings can be applied; or these teachings can be implemented with other integrations of different radio access technologies (RATs).