A-1	GW checks if (TG − Ti) ≤ ΔT, where TG is the current timestamp of GW system.
	If (TG − Ti) ≤ ΔT, then the next step proceeds; otherwise, this phase is aborted.
A-2	GW computes the following.
	XSi = h(H_IDi∥xs)
	RNi = vi ⊕ Xsi
	X* = DIDi ⊕ h(Xsi∥RNi∥Ti)
	MUi−G* = h((X* ⊕ h(H_IDi∥K))∥Xsi∥RNi∥Ti)
	GW compares MUi−G* with MUi−G. If MUi−G*=MUi−G, then the next step proceeds; otherwise, this phase is aborted.
A-3	GW computes the following. TG is the current timestamp of GW system. Sj is the nearest sensor node that can respond to Ui 's request.
	Xsj=h(SIDj∥xs)
	MG−Sj = h(DIDi∥SIDj∥Xsj∥TG)
	GW sends the authentication request {DIDi, MG−Sj, TG} to Sj.
A-4	GW checks if (T j − TG) ≤ ΔT, where Tj is the current timestamp of Sj.
	If (T j − TG) ≤ ΔT, then the next step proceeds; otherwise, this phase is aborted.
A-5	Sj computes ${M_{G-Sj}}^{*}=h\left(DI{D}_i\left|\left|SI{D}_j\right|\right|X{s}_i^{*}\Vert T_G\right).$
	Sj compares MG−Sj* with MG−Sj. If MG−Sj* = MG−Sj, then the next step proceeds; otherwise, this phase is aborted.
A-6	Sj generates a random nonce RNj and computes the following.
	$y_j=R{N}_j\oplus X{s}_j^{*}$
	zi = MG−Sj*⊕RNj
	$M_{S_j-G}=h(z_i\Vert X{s}_j^{*}\Vert T_j)$
	Sj sends the authentication request {yi, MSj−G, Tj} to GW.
A-7	GW checks if (TG′ − Tj) ≤ ΔT, where TG′ is the current timestamp of GW.
	If (TG′ − Tj) ≤ ΔT, then the next step proceeds; otherwise, this phase is aborted
A-8	GW computes the following.
	RNj = yj ⊕ Xsi
	$z_i^{*}=M_{G-S_j}\oplus R{N}_j$
	${M_{S_j-G}}^{*}=h\left(z_i^{*}\Vert X{s}_j\Vert T_j\right)$
	GW compares MSj−G* with MSj−G. If MSj−G = MSj−G, then the next step proceeds; otherwise, this phase is aborted.
A-9	GW computes the following:
	MG−Ui = h(DIDi ∥MG−Sj∥MUi−G∥Xsi∥TG′)
	$w_i=z_i^{*}\oplus X{s}_i$
	yi=RNj ⊕ Xsi
	qj=Xsj ⊕ RNj
	GW sends the authentication request {yi, wi, MG−Ui, qj, TG′)} to Ui.
A-10	Ui checks if (Ti′−TG′) ≤ ΔT, where Ti′ is the current timestamp of Ui. If (Ti′−TG′) ≤ ΔT, then the next step proceeds; otherwise, this phase is aborted.
A-11	The smart card computes the following:
	RNj =yi ⊕Xsi
	$z_i^{*}=w_i\oplus X{s}_i$
	$M_{G-S_j}^{*}=z_i^{*}\oplus R{N}_j$
	${M_{G-U_i}}^{*}=h\left(DI{D}_i\Vert M_{G-S_j}^{*}\Vert M_{U_i-G}\Vert X{s}_i\Vert T_G\prime \right)$
	The smart card compares MG−Ui* with MG−Ui. If MG−Ui* =MG−Ui, then mutual authentication between Ui and SNj is completed successfully; otherwise, this phase is aborted.
A-12	The smart card computes the following to get a session key for communication with Sj. Meanwhile, Sj also computes KS = f((DIDi ∥RNi), Xsj to share a session key with Ui.
	Xsj = qj ⊕ RNj
	Ks = f((DIDi∥RNj), Xsj)