Invention Grant
- Patent Title: Initial network authorization for a communications device
- Application No.: US16982140
- Application Date: 2018-03-20
- Publication No.: US11863663B2
- Publication Date: 2024-01-02
- Inventor: Per Ståhl
- Applicant: Telefonaktiebolaget LM Ericsson (publ)
- Applicant Address: SE Stockholm
- Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
- Current Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
- Current Assignee Address: SE Stockholm
- Agency: Rothwell, Figg, Ernst & Manbeck, P.C.
- International Application: PCT/EP2018/057047 2018.03.20
- International Announcement: WO2019/179608A 2019.09.26
- Date entered country: 2020-09-18
- Main IPC: H04L9/08
- IPC: H04L9/08 ; H04L9/32 ; H04L67/306

Abstract:
There are provided mechanisms for initial network authentication between a communications device and a network. A method is performed by the communications device. The communications device comprises an identity module supporting remote subscription profile download. The identity module comprises credentials for remote subscription profile download. The method comprises performing a first message exchange with an authentication server. The first message exchange comprises an identity module challenge obtained from the identity module being transmitted to the authentication server from the communications device. The method comprises receiving a second message from the authentication server. The second message comprises an ephemeral public key of the authentication server, an authentication server challenge and an authentication server signature. The authentication server signature is based on the ephemeral public key of the authentication server, the authentication server challenge, and the identity module challenge and follows a format used for handling remote subscription profile download to the identity module. The method comprises transmitting a third message towards the authentication server. The third message comprises an ephemeral public key of the communications device and an identity module signature. The identity module signature is based on the identity module credentials used for remote subscription profile download and is based on the ephemeral public key of the communications device and the authentication server challenge and follows the format used for remote subscription profile download to the identity module. The method comprises generating a master session key (MSK) from a shared secret established using the ephemeral public key of the authentication server and a private key corresponding to the ephemeral public key of the communications device. The MSK is for use when establishing secure communication between the communications device and the network.
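The three-message exchange described in the abstract, simulated end to end as an added example; it is not code from the patent or from the applicant, and it needs the Python `cryptography` package. Assumptions not taken from the page: ECDSA and ECDH on P-256, HKDF-SHA256 with a 64-byte output, a length-prefixed encoding of the signed fields standing in for the remote subscription profile download signature format, pre-trusted long-term public keys instead of certificate chains, and all function names.

```python
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

CURVE, SIG = ec.SECP256R1(), ec.ECDSA(hashes.SHA256())  # assumed algorithms

def pub_bytes(priv):
    return priv.public_key().public_bytes(
        serialization.Encoding.X962, serialization.PublicFormat.UncompressedPoint)

def signed_data(*fields):
    # Assumed encoding: 2-byte length prefix per field, so field boundaries are unambiguous.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def derive_msk(own_eph, peer_eph_pub, context):
    peer = ec.EllipticCurvePublicKey.from_encoded_point(CURVE, peer_eph_pub)
    shared = own_eph.exchange(ec.ECDH(), peer)
    # Assumed KDF and 64-byte output; the abstract only says the MSK comes from the shared secret.
    return HKDF(algorithm=hashes.SHA256(), length=64, salt=None, info=context).derive(shared)

def run_exchange(replayed_msg2=False):
    # Constructed long-term signing keys; each side is assumed to already trust the other's public key.
    im_key, as_key = ec.generate_private_key(CURVE), ec.generate_private_key(CURVE)

    # Message 1, device -> server: fresh identity module challenge.
    im_chal = os.urandom(16)

    # Message 2, server -> device: ephemeral key, server challenge, signature over both challenges.
    as_eph, as_chal = ec.generate_private_key(CURVE), os.urandom(16)
    as_eph_pub = pub_bytes(as_eph)
    signed_chal = os.urandom(16) if replayed_msg2 else im_chal  # stale challenge models a replay
    as_sig = as_key.sign(signed_data(as_eph_pub, as_chal, signed_chal), SIG)

    # Device side: the signature must cover the challenge issued in this run.
    try:
        as_key.public_key().verify(as_sig, signed_data(as_eph_pub, as_chal, im_chal), SIG)
    except InvalidSignature:
        return None  # abort before sending message 3

    # Message 3, device -> server: ephemeral key and identity module signature over it and as_chal.
    dev_eph = ec.generate_private_key(CURVE)
    dev_eph_pub = pub_bytes(dev_eph)
    im_sig = im_key.sign(signed_data(dev_eph_pub, as_chal), SIG)
    im_key.public_key().verify(im_sig, signed_data(dev_eph_pub, as_chal), SIG)  # server-side check

    # Both ends derive the MSK from the ephemeral ECDH secret.
    context = signed_data(im_chal, as_chal)
    return derive_msk(dev_eph, as_eph_pub, context), derive_msk(as_eph, dev_eph_pub, context)
```

`run_exchange()` returns the device-side and server-side MSK, which match; `run_exchange(replayed_msg2=True)` returns `None` because the server signature does not cover the challenge issued in that run.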
Public/Granted literature
- US20210203488A1 INITIAL NETWORK AUTHORIZATION FOR A COMMUNICATIONS DEVICE Public/Granted day: 2021-07-01