A method of authenticating mobile user equipment in a mobile telecommunications network comprising the steps of receiving an authentication element from a serving network (SN) to which the user equipment is not directly subscribed, extracting the authentication management field (AMF) from the authentication element, generating in response at least to a predetermined value of the authentication management field (AMF), a key set identifier (KSI), and passing the key set identifier (KSI) to the serving network (SN).