Step 1	Login phase begins when Ui wants to access the WSN as described in Section 2.2.When Ui sends the authentication request {DIDi, MUi−G, vi, Ti} to GW, Uα eavesdrops on the transmission.
Step 2	Uα computes the following using xs and {DIDi, MUi−G, vi, Ti}. Tα and Tα′ denote the current timestamp of Tα system, and Tα < Tα′. Uα generates a random nonce RNα. SIDα is created by Uα.
	yi = RNα ⊕ xs
	MG−Sj = h(DIDi∥SIDα∥xs∥Tα)
	$z_i^{*}=M_{G-S_j}\oplus R{N}_{\alpha }$
	$w_i=z_i^{*}\oplus x_s$
	MG−Ui = h(DIDi∥MG−Sj∥MUi−G∥xs∥Tα′)
	Uα forges the authentication request sent from GW to Ui in authentication-key agreement phase using {yi, wi, MG−Ui, Tα′}.
Step 3	When Ui receives {yi, wi, MG−Ui, Tα′} from Uα, Ui checks if (TU′ − Tα′) ≤ ΔT, where TU′ is the current timestamp of Ui system. If (TU′ − Tα′) ≤ ΔT, then the next step proceeds; otherwise, this phase is aborted.
Step 4	The smart card computes the following.
	RNα = yi ⊕ xs
	$z_i^{*}=w_i\oplus x_s$
	$M_{G-Sj}=z_i^{*}\oplus R{N}_{\alpha }$
	MG−Ui*=h(DIDi∥MG−Sj∥MUi−G∥xs∥Tα′)
	The smart card compares MG−Uiwith MG−Ui*. Since MG−Ui=MG−Ui*, Ui regards {yi, wi, MG−Ui,Tα′} as being transmitted from GW. Therefore, Uα can communicate with Ui using the session key Ks = f((DIDi∥RNα), xs).