The Network then aswers to the Phone and the Application the keys and the time to live and the hashed value of that using a hash function named ``Mac''.
The Phone and the Application verify the Mac and then the phone sends a nonce to the phone and the phone answers back with a new nonce and the original nonce.
The file ag01598\_6644818\_1\_2.spdl contains the base model of $\text{protocol}\Pi$ and the claims.
I added non-injective synchronization(nisynch) to all the roles to guarantee that all the roles, at least, some roles communicated as described by the protocol.
I added a secret claim to SesK (Session key) to all roles, as the session key should be private.
Furthermore, I added Commit and Running claims between some roles to check for agreement between some variables:
\begin{itemize}
\item{Agreement between Phone and Network over the time to live and the session key}
\item{Agreement between Application and Network over the time to live and the session key}
\item{Agreement between Application and Phone over the message and the message m}
There are 10 overall claims, where only three do not fail. The secrecy of SesK from the perspective of the Network. And agreement over the SesK and the time to live between the Phone and the Network, and the Application and the Network.