    Peer                                                     Server
       |                       EAP-Request/Identity             |
       |<-------------------------------------------------------|
       |                                                        |
       | EAP-Response/Identity                                  |
       | (Includes user's Network Access Identifier, NAI)       |
       |------------------------------------------------------->|
       |         +--------------------------------------------------+
       |         | Server determines the network name and ensures   |
       |         | that the given access network is authorized to   |
       |         | use the claimed name. The server then runs the   |
       |         | AKA' algorithms generating RAND and AUTN, and    |
       |         | derives session keys from CK' and IK'. RAND and  |
       |         | AUTN are sent as AT_RAND and AT_AUTN attributes, |
       |         | whereas the network name is transported in the   |
       |         | AT_KDF_INPUT attribute. AT_KDF signals the used  |
       |         | key derivation function. The session keys are    |
       |         | used in creating the AT_MAC attribute.           |
       |         +--------------------------------------------------+
       |                          EAP-Request/AKA'-Challenge    |
       |       (AT_RAND, AT_AUTN, AT_KDF, AT_KDF_INPUT, AT_MAC) |
       |<-------------------------------------------------------|
   +------------------------------------------------------+     |
   | The peer determines what the network name should be, |     |
   | based on, e.g., what access technology it is using.  |     |
   | The peer also retrieves the network name sent by     |     |
   | the network from the AT_KDF_INPUT attribute. The     |     |
   | two names are compared for discrepancies, and if     |     |
   | necessary, the authentication is aborted. Otherwise, |     |
   | the network name from AT_KDF_INPUT attribute is      |     |
   | used in running the AKA' algorithms, verifying AUTN  |     |
   | from AT_AUTN and MAC from AT_MAC attributes. The     |     |
   | peer then generates RES. The peer also derives       |     |
   | session keys from CK'/IK'. The AT_RES and AT_MAC     |     |
   | attributes are constructed.                          |     |
   +------------------------------------------------------+     |
       | EAP-Response/AKA'-Challenge                            |
       | (AT_RES, AT_MAC)                                       |
       |------------------------------------------------------->|
       |         +--------------------------------------------------+
       |         | Server checks the RES and MAC values received    |
       |         | in AT_RES and AT_MAC, respectively. Success      |
       |         | requires both to be found correct.               |
       |         +--------------------------------------------------+
       |                                         EAP-Success    |
       |<-------------------------------------------------------|
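The peer-side steps in the figure (compare the network name, derive session keys from CK'/IK', verify AT_MAC), as an added Python example that is not part of the original document. It assumes the PRF' construction and key layout of RFC 5448 and the CK'/IK' derivation of 3GPP TS 33.402; AUTN verification is omitted, so CK, IK and SQN xor AK are taken as given USIM outputs. All sample values, the function names and the exact-match name policy are constructed for illustration.

```python
import hashlib
import hmac

def hs256(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def ck_ik_prime(ck, ik, sqn_xor_ak, name):
    # KDF input S = FC(0x20) | network name | len | SQN xor AK | len, keyed with CK|IK
    s = (b"\x20" + name + len(name).to_bytes(2, "big")
         + sqn_xor_ak + len(sqn_xor_ak).to_bytes(2, "big"))
    out = hs256(ck + ik, s)
    return out[:16], out[16:]              # CK', IK'

def prf_prime(key, s, length):
    # T1 = HMAC(K, S | 0x01); Tn = HMAC(K, Tn-1 | S | n); output is T1 | T2 | ...
    out, t, n = b"", b"", 1
    while len(out) < length:
        t = hs256(key, t + s + bytes([n]))
        out, n = out + t, n + 1
    return out[:length]

def session_keys(ck, ik, sqn_xor_ak, name, identity):
    ck_p, ik_p = ck_ik_prime(ck, ik, sqn_xor_ak, name)
    mk = prf_prime(ik_p + ck_p, b"EAP-AKA'" + identity, 208)
    return {"K_encr": mk[:16], "K_aut": mk[16:48], "K_re": mk[48:80],
            "MSK": mk[80:144], "EMSK": mk[144:208]}

def at_mac(k_aut, packet_mac_zeroed):
    # HMAC-SHA-256-128 over the EAP packet with the AT_MAC value field zeroed
    return hs256(k_aut, packet_mac_zeroed)[:16]

def peer_check(expected_name, received_name, usim, identity, packet, mac):
    # Assumed policy: abort on any difference between the two names
    if expected_name != received_name:
        return "abort: network name mismatch"
    keys = session_keys(*usim, received_name, identity)
    if not hmac.compare_digest(at_mac(keys["K_aut"], packet), mac):
        return "abort: AT_MAC invalid"
    return "ok"

# Constructed sample values: (CK, IK, SQN xor AK), identity, packet bytes
USIM = (bytes(range(16)), bytes(range(16, 32)), bytes.fromhex("010203040506"))
IDENTITY = b"6000000000000001@example.org"
PACKET = b"constructed EAP-Request/AKA'-Challenge, AT_MAC zeroed"

def server_mac(name):
    # Server side: AT_MAC computed with keys derived under the given network name
    return at_mac(session_keys(*USIM, name, IDENTITY)["K_aut"], PACKET)
```

Because the network name is an input to CK'/IK', a MAC produced with keys derived under one name does not verify at a peer that derives its keys under another.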