Step 1:	Upon obtaining the message $\left\{B_i, DI{D}_i, M_1, M_2\right\}$ from $U_i$, the $BS$ computes $I{D}_i^{*}=DI{D}_i\oplus h(B_i\Vert X)$, $\left(R_U^{*}\Vert I{D}_{S{N}_j}^{*}\Vert I{D}_{GW{N}_j}^{*}\Vert T_1\right)=D_{Ai}\left(M_1\right)$ and checks if $T_2-T_1\le ∆T$ holds. If this does not true, then session expires. Otherwise, $BS$ computes $M_2^{*}=h\left(R_U^{*}\Vert I{D}_i^{*}\Vert T_1^{*}\Vert h(B_i\Vert X\right))$ and verifies if $M_2^{*}$ equals $M_2$ or not. If it holds, then $U_i$ is legal and $BS$ goes to next step. Otherwise, the session is rejected.
Step 2:	Now, the $BS$ produces a random nonce $R_{BS}$ and computes $M_3=E_{h(X_{BS-GW{N}_j})}\left(I{D}_i\Vert R{I}_j\Vert I{D}_{S{N}_j}\Vert R_U\Vert R_{BS}\Vert T_3\right)$, $M_5=h\left(M_2\Vert I{D}_i\Vert T_3\Vert R_{BS}\Vert R_U\right)$ and then sends $\left\{M_3, M_2, M_5\right\}$ to $GW{N}_j$ via public channel.
Step 3:	After getting request message $\left\{M_3, M_2, M_5\right\}$ from $BS$, the $GW{N}_j$ computes $\left(I{D}_i\Vert R{I}_j\Vert I{D}_{S{N}_j}\Vert R_U\Vert R_{BS}\Vert T_3\right)=D_{h(X_{BS-GW{N}_j})}\left(M_3\right)$ and $\left(R_U^{*}\Vert I{D}_{S{N}_j}^{*}\Vert I{D}_{GW{N}_j}^{*}\Vert T_1\right)= D_{A_i}\left(M_1\right)$, then checks if two condition $T_4-T_3\le ∆T$ and $M_5^{*}{ }_{=}^{?} M_5$ hold. If both conditions are true then it proceeds further. Otherwise, the session is terminated.
Step 4:	Now, the $GW{N}_j$ generates a random nonce $R_{GW{N}_j}$ and calculates $M_6= E_{R{I}_j}\left(R_{BS}\Vert T_5\Vert R_U\Vert R_{GW{N}_j}\Vert I{D}_i\right)$, $M_7=h\left(M_2\Vert R{I}_j\Vert R_{GW{N}_j}\Vert I{D}_i\Vert R_U\right)$ and then sends $\left\{ M_2, M_6, M_7 \right\}$ to $S{N}_j$.
Step 5:	Upon obtaining the message from $GW{N}_j$, the $S{N}_j$ computes $\left(R_{BS}\Vert T_5\Vert R_U\Vert R_{GW{N}_j}\Vert I{D}_i\right)=D_{R{I}_j}\left(M_6\right)$, $M_7^{*}=h\left(M_2\Vert R{I}_j\Vert R_{GW{N}_j}\Vert I{D}_i\Vert R_U\right)$ and then verifies if two conditions $T_6-T_5\le ∆T$ and $M_7^{*}{ }_{=}^{?} M_7$ hold. If both are true, then $S{N}_j$ goes to the next step, Otherwise, the session is terminated.
Step 6:	Now, the $S{N}_j$ generates a random nonce $R_{S{N}_j}$, computes $M_8=R_{S{N}_j}\oplus h\left(R{I}_j\Vert R_{GW{N}_j}\right)$, $SK=h\left(R_{GW{N}_j}\Vert R_U\Vert R_{S{N}_j}\Vert R{I}_j\Vert M_2\right)$, $M_9=h\left(SK\Vert I{D}_i\right)$ and sends $\left\{ M_8, M_9, T_7 \right\}$ to $GW{N}_j$ via public channel.
Step 7:	After getting the message from $S{N}_j$, $GW{N}_j$ firstly verifies if $T_8-T_7\le ∆T$ holds. If true, the process continues. Otherwise, the session expires. Then, $GW{N}_j$ calculates $R_{S{N}_j}^{*}=M_8\oplus h\left(R{I}_j\Vert R_{GW{N}_j}\right)$, $S{K}^{*}=h\left(R_{GW{N}_j}\Vert R_U\Vert R_{S{N}_j}^{*}\Vert R{I}_j\Vert M_2\right)$ and $M_9^{*}=h\left(S{K}^{*}\Vert I{D}_i\right)$, then checks if $M_9^{*}{ }_{=}^{?} M_9$. If it holds, the next step proceeds. Otherwise, the session is terminated.
Step 8:	The $GW{N}_j$ computes $M_{10}= E_{h\left(R_U\Vert I{D}_i\right)}\left(R{I}_j\Vert T_9\Vert R_{GW{N}_j}\Vert R_{S{N}_j}\Vert M_2\right)$ and sends $\left\{ M_9, M_{10} \right\}$ to $U_i$ via public channel.
Step 9:	After getting the message from $GW{N}_j$, $U_i$ computes $\left(R{I}_j\Vert T_{9 }\Vert R_{GW{N}_j}\Vert R_{S{N}_j}\Vert M_2\right)=D_{h\left(R_U\Vert I{D}_i\right)}(M_{10})$ and verifies if $T_{10}-T_9\le ∆T$ holds. If it holds, the next step proceeds.
Step 10:	The $U_i$ calculates $S{K}^{*}$=$h\left(R_{GW{N}_j}\Vert R_U\Vert R_{S{N}_j}\Vert R{I}_j\Vert M_2\right)$, $M_9^{*}=h\left(S{K}^{*}\Vert I{D}_i\right)$ and checks if $M_9^{*}{ }_{=}^{?} M_9$ holds. If it holds, mutual-authentication and session-key agreement holds.