The present invention provides a method for communication involving a supplicant, an authenticator, and an authentication server having an established security association based on a first key. The supplicant and the authenticator also have an established security association based on a second key. The method may include modifying the second key using the first key in response to determining that a challenge response from the supplicant is valid.