Step 1	Uα extracts xs and SIDj from a sensor node captured in the WSN.
Step 2	Login phase begins when Ui wants to access to the WSN as in Section 2.2. When Ui sends the authentication request {DIDi, MUi−G, vi, Ti} to GW, Uα eavesdrops on it.
Step 3	Uα computes the following using xs, SIDj and {DIDi, MUi−G, vi, Ti}. Tα and Tα′ denote the current timestamp of Uα system, and Tα < Tα′. Uα generates a random nonce RNα.
	yi=RNα⊕xs
	MG-Sj = h(DIDi∥SIDj ∥xs ∥Tα)
	$z_i^{*}=M_{G-S_j}\oplus R{N}_{\alpha }$
	$w_i=z_i^{*}\oplus x_s$
	MG−Ui*=h(DIDi∥MG−Sj∥MUi−G∥xs∥Tα′)
	Uα forges the authentication request sent from GW to Ui in authentication-key agreement phase using {yi, wi, MG−Ui),Tα′}.
Step 4	When Ui receives {yi, wi, MG−Ui, Tα′} from Uα, Ui checks if (TU′−Tα′) ≤ ΔT, where (TU′ is the current timestamp of Ui system. If (TU′−Tα′) ≤ ΔT, then the next step proceeds; otherwise, this phase is aborted.
Step 5	The smart card computes the following.
	RNα = yi ⊕ xs
	$z_i^{*}=w_i\oplus x_S$
	$M_{G-U_i}=h(DI{D}_i\Vert M_{G-S_j}\Vert M_{U_i-G}\Vert x_s\Vert T_{\alpha }\prime )$
	MG−Ui*=h(DIDi∥MG−Sj∥MUi−G∥xs∥Tα′)
	The smart card compares MG−Uiwith MG−Ui*. Since MG−Ui = MG−Ui*, Ui regards {yi, wi, MG−Ui,Tα′} as being transmitted from GW. Therefore, Uα can communicate with Ui using the session key Ks = f((DIDi∥RNα), xs).