A-1	GW checks if (TG−Ti) ≤ ΔT, where TG is the current timestamp of GW system, and ΔT is the maximum permitted transmission delay time. If (TG−Ti) ≤ ΔT, then the next step proceeds; otherwise, this phase is aborted.
A-2	GW computes the following.
	RNi=vi⊕xs
	X*=DIDi⊕h(xs∥RNi∥Ti)
	MUi−G*=h((X*⊕h(K))∥xs∥RNi∥Ti)
	GW compares MUi−G* with MUi−G*. If MUi−G* =MUi−G, then the next step proceeds; otherwise, this phase is aborted.
A-3	GW computes MG−Sj=h(DIDi∥SIDj∥xs∥TG). TG is the current timestamp of GW system. Sj is the nearest sensor node that can respond to Ui's request.
	GW sends the authentication request {DIDi, MG−Sj, TG} to Sj.
A-4	GW checks if (Tj − TG) ≤ ΔT, where Tj is the current timestamp of Sj system.
	If (Tj −TG) ≤ ΔT, then the next step proceeds; otherwise, this phase is aborted.
A-5	Sj computes MG−Sj*=h(DIDi∥SIDj∥xs∥TG).
	Sj compares MG−Sj* with MG−Sj. If MG−Sj* = MG−Sj, then the next step proceeds; otherwise, this phase is aborted.
A-6	Sj generates a random nonce RNj and computes the following.
	yi = RNj⊕xs
	zi = MG−Sj*⊕RNj
	MSj−G = h(zi∥xs∥Tj)
	Sj sends the authentication request {yi, MSj−G, Tj} to GW.
A-7	GW checks if (TG′ − Tj) ≤ ΔT, where TG′ is the current timestamp of GW system.
	If (TG′−Tj) ≤ ΔT, then the next step proceeds; otherwise, this phase is aborted.
A-8	GW computes the following.
	RNj=yi ⊕ xs
	$z_i^{\ast }=M_{G-S_j}\oplus R{N}_j$
	$M_{S_j-G}*=h\left(z_i^{*}\Vert x_s\Vert T_j\right)$
	GW compares MSj−G* with MSj−G. If MSj−G* = MSj−G, then the next step proceeds; otherwise, this phase is aborted.
A-9	GW computes the following.
	MG−Ui = h(DIDi∥MG−Sj∥MUi−G∥xs∥TG′)
	$w_i=z_i^{*}{x}_s$
	GW sends the authentication request {yi, wi, MG−Ui, TG′} to Ui.
A-10	Ui checks if (Ti′ − TG′) ≤ ΔT, where Ti′ is the current timestamp of Ui system. If (Ti′ − TG′) ≤ ΔT, then the next step proceeds; otherwise, this phase is aborted.
A-11	The smart card computes the following.
	RNj = yi ⊕ xs
	$z_i^{*}=w_i\oplus x_s$
	$M_{G-S_j}=z_i^{*}\oplus R{N}_j$
	MG−Ui* = h(DIDi∥MG−Sj∥MUi−G∥xs∥TG′)
	The smart card compares MG−Ui* with MG−Ui. If MG−Ui* = MG−Ui, then mutual authentication between Ui and Sj is completed successfully; otherwise, this phase is aborted.
A-12	The smart card computes Ks = f((DIDi∥RNi),xs) to obtain a session key for communication with Sj. Meanwhile, Sj also computes KS = f((DIDi∥RNi),xs) to share a session key with Ui.