It's my understanding that the RSA support within the BCM20737S will provide a path for authentication and other security mechanisms that rely on the capability to run standard security functions (SHA1, MD5 etc.).
For instance, you may need to authenticate a user before opening/unlocking a BLE-based device or authenticate a secure medical device before granting it access to an iPhone.
I don't think pairing is excluded, but will need to check with the developers.
I know that one of our partners, iDevices, also supports custom authentication within their BCM20732S-based module as well.
As far as I can see, ECDH (Elliptic Curve Diffie-Hellman) is not part of the Bluetooth Low Energy specification yet (see here: LE Security | Bluetooth Development Portal), maybe in the next release. This means the communication is sensitive to eavesdropping.
You will probably need to come up with your own key agreement protocol on top of BT Low Energy. Depending on the capability of your slave, you may be able to implement ECDH. If the target device is not powerful enough, you may need to find something else. I have seen, online, an implementation with Merkle's puzzles: Merkle's Puzzles - Wikipedia, the free encyclopedia
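An added sketch of the Merkle's puzzles exchange mentioned in the post above; it is not code from the thread, from Broadcom or from any implementation the poster saw. All names, the toy sizes and the SHA-256 pad standing in for a real cipher are assumptions, and the scheme gives only a quadratic work gap over a passive listener and no authentication of either side.

```python
import hashlib
import secrets

MARKER = b"PUZZLE--"   # known prefix that tells a solver its guess was right
WEAK_BITS = 10         # constructed toy size: 1024 candidate keys per puzzle

def _pad(weak_key, nonce):
    # SHA-256 used as a 32-byte one-time pad; a stand-in (assumption) for a real cipher
    return hashlib.sha256(weak_key.to_bytes(4, "big") + nonce).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_puzzles(n):
    """Initiator: n puzzles to send in the clear, plus a private id -> key table."""
    puzzles, table = [], {}
    for _ in range(n):
        pid, key, nonce = (secrets.token_bytes(8), secrets.token_bytes(16),
                           secrets.token_bytes(8))
        weak = secrets.randbelow(1 << WEAK_BITS)
        puzzles.append((nonce, _xor(MARKER + pid + key, _pad(weak, nonce))))
        table[pid] = key
    return puzzles, table

def solve_puzzle(puzzle):
    """Brute-force one puzzle's weak key; returns (id, session key, guesses made)."""
    nonce, ciphertext = puzzle
    for guess in range(1 << WEAK_BITS):
        plain = _xor(ciphertext, _pad(guess, nonce))
        if plain.startswith(MARKER):
            return plain[8:16], plain[16:], guess + 1
    raise ValueError("no weak key decrypts this puzzle")

def key_agreement(n=64):
    """Run both sides; only the puzzles and the chosen id cross the link."""
    puzzles, table = make_puzzles(n)
    pid, responder_key, work = solve_puzzle(secrets.choice(puzzles))
    return table[pid], responder_key, work

def eavesdropper_work(puzzles, pid):
    """Guesses a passive listener spends solving puzzles until one carries pid."""
    total = 0
    for puzzle in puzzles:
        found, _, work = solve_puzzle(puzzle)
        total += work
        if found == pid:
            return total
    raise ValueError("id not present in the puzzle set")

if __name__ == "__main__":
    a, b, work = key_agreement()
    print("keys match:", a == b, "| responder guesses:", work)
```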