A protocol for use as a phase 1 authentication (and key agreement) IKE protocol, similar to IKE phase 1 authentication with public key encryption, but using the IMS AKA trust infrastructure instead of the PKI trust infrastructure. The invention thus allows an initiator (11) having a secret long-term key stored on a smart cart (11a), to authenticate a responder (12), the responder (12) having in some cases a trusted interface with a Home Subscriber Server (14) that has a copy (14a) of the initiator's long-term key (and in other cases having itself access to the initiator's long-term key). The protocol includes a Diffie-Hellman exchange, and by authenticating the initiator (11) and responder (12), the protocol authenticates the exchange.