Disclosed are methods for a client, having established one set of security
keys, to establish a new set without having to communicate with an
authentication server. When the client joins a group, master session
security keys are derived and made known to the client and to the group's
access server. From the master session security keys, the access server
and client each derive transient session security keys, used for
authentication and encryption. To change the transient session security
keys, the access server creates "liveness" information and sends it to
the client. New master session security keys are derived from the
liveness information and the current set of transient session security
keys. From these new master session security keys are derived new
transient session security keys. This process limits the amount of data
sent using one set of transient session security keys and thus limits the
effectiveness of any statistical attacker.