Patent attributes
Various examples are directed to systems and methods for establishing a secure, authenticated connection between devices utilizing a password authenticated key exchange. A client may send an encrypted connection request message to a server via a first communication medium. The server may send the client first data token data via a first communication medium. The client may encrypt the first data token with a password-authenticated key, for example, obtained in a password authenticated key exchange with the server. The client may encrypt the first token data based at least in part on the password-authenticated key to generate a message authentication code (MAC). The client may send the MAC to the server.