A method of authenticating a user access network to a mobile node, where the mobile node wishes to access a service via the access network, the method comprising: establishing a secure transport channel between the mobile node and a service access node of the visited network, said channel being bound to an identity of the service access node; sending an authorization request from the mobile node to the service access node, incorporating an identity of the service access node into the request at the service access node, and forwarding the request to an authorization node of the user's home network; at said authorization node of the home network, authorizing the service access node, and sending to the service access node a user challenge including the identity of the service access node, said identity being included in such a way that a change to the identity can be detected by a recipient; at the serving access node, forwarding the received user challenge to the mobile node; and at the mobile node verifying whether or not the identity bound to the secure transport channel matches the identity contained in the received challenge.