The Network then aswers to the Phone and the Application the keys and the time to live and the hashed value of that using a hash function named ``Mac''.
The Phone and the Application verify the Mac and then the phone sends a nonce to the phone and the phone answers back with a new nonce and the original nonce.
The file ag01598\_6644818\_1\_2.spdl contains the base model of $\text{protocol}\Pi$ and the claims.
I added non-injective synchronization(nisynch) to all the roles to guarantee that all the roles, at least, some roles communicated as described by the protocol.
I added a secret claim to SesK (Session key) to all roles, as the session key should be private.
Furthermore, I added Commit and Running claims between some roles to check for agreement between some variables:
\begin{itemize}
\item{Agreement between Phone and Network over the time to live and the session key}
\item{Agreement between Application and Network over the time to live and the session key}
\item{Agreement between Application and Phone over the message and the message m}