A secure element of a mobile device receives a first authentication token, which may have an encrypted portion and a non-encrypted portion, from a network gateway device to which the mobile device is connected. The secure element determines whether the first authentication token is valid based on a sequence number included in the first authentication token. If the secure element determines that the first authentication token is valid, the secure element generates a second authentication token that indicates a result of an authentication operation performed by the secure element. The second authentication token is sent to the network gateway device. The secure element derives a pre-shared key using a key derivation function, where the pre-shared key is usable to establish a secure communication channel with the network gateway device.