Embodiments herein further include a method for enabling secured, authenticated communication between an initiator and a responder. The method as performed by third party equipment of a third party includes receiving, at the third party equipment and from the responder, a request that includes data (e.g., bound to a secure communication channel established between the initiator and the responder) and that requests the third party to sign the data. The method may further include signing the data at the third party equipment and transmitting the signed data from the third party equipment towards the responder in response to the request.
Note that the data described in any of the methods in some embodiments includes or is a function of at least some data exchanged between the initiator and the responder as part of establishing the secure communication channel. In one embodiment, for instance, the data comprises an authentication payload formed from at least a portion of a message that the responder sent to the initiator as part of establishing the secure communication channel. Alternatively or additionally, the data may include or be a function of one or more of: a shared secret resulting from establishment of the secure communication channel; one or more freshness parameters exchanged as part of establishing the secure communication channel; and an identity of the responder and/or an identity of the initiator.
In still further embodiments, the data described above may comprise a random number signed with a key derived from a shared secret SKEYSEED. The shared secret SKEYSEED may for instance be calculated from one or more nonces exchanged between the initiator and the responder as part of establishing the secure communication channel and from a Diffie-Hellman shared secret or an Elliptic Curve Diffie-Hellman shared secret between the initiator and the responder.
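The following is an added illustration, not code from the patent or from any implementation it describes, of the channel-binding idea in the embodiments above: the responder derives SKEYSEED from the nonces and the DH secret, MACs a random number with a key derived from it, bundles that with its message to the initiator, the nonces and both identities, and hands the bundle to the third party to sign; the initiator rebuilds the same bundle from its own view of the channel and verifies the returned signature. Assumptions: HMAC-SHA256 is the negotiated prf, the key derivation is a single prf call rather than the full prf+ expansion, the DH secret and all nonces/identities are constructed values, and the third party's signature is modelled with an HMAC under a third-party key rather than an asymmetric signature.

```python
import hashlib
import hmac

# Constructed sample values standing in for a real channel establishment.
NI = bytes.fromhex("00112233445566778899aabbccddeeff")           # initiator nonce
NR = bytes.fromhex("ffeeddccbbaa99887766554433221100")           # responder nonce
G_IR = hashlib.sha256(b"constructed DH shared secret").digest()  # stands in for g^ir
MSG_R = b"responder message to initiator (constructed)"
ID_I, ID_R = b"initiator@example", b"responder@example"
RAND = bytes.fromhex("0badcafe0badcafe")                         # responder's random number
TP_KEY = hashlib.sha256(b"constructed third-party key").digest() # assumption: HMAC stands in for a signature


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv2-style prf; HMAC-SHA256 is assumed as the negotiated prf."""
    return hmac.new(key, data, hashlib.sha256).digest()


def skeyseed(ni: bytes, nr: bytes, g_ir: bytes) -> bytes:
    """SKEYSEED = prf(Ni | Nr, g^ir): bound to both nonces and the DH secret."""
    return prf(ni + nr, g_ir)


def derive_key(seed: bytes, ni: bytes, nr: bytes) -> bytes:
    """Simplified one-step derivation from SKEYSEED (assumption: not full prf+)."""
    return prf(seed, b"third-party-auth" + ni + nr)


def channel_bound_data(msg_r, ni, nr, id_i, id_r, key, rand) -> bytes:
    """Data the responder asks the third party to sign. Fields are length-prefixed
    so that no two different field sets serialise to the same byte string."""
    fields = [msg_r, ni, nr, id_i, id_r, rand, prf(key, rand)]
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def third_party_sign(tp_key: bytes, data: bytes) -> bytes:
    """Third party signs whatever data it was sent; it never sees SKEYSEED."""
    return prf(tp_key, data)


def responder_request(ni, nr, g_ir, msg_r, rand) -> bytes:
    """Responder side: derive the key, build the bound data, obtain the signature."""
    key = derive_key(skeyseed(ni, nr, g_ir), ni, nr)
    return third_party_sign(TP_KEY, channel_bound_data(msg_r, ni, nr, ID_I, ID_R, key, rand))


def initiator_verify(sig, ni, nr, g_ir, msg_r, rand) -> bool:
    """Initiator side: rebuild the data from its own channel state and check the signature.
    A signature obtained for a different channel (other nonce or DH secret) must fail."""
    key = derive_key(skeyseed(ni, nr, g_ir), ni, nr)
    expected = third_party_sign(TP_KEY, channel_bound_data(msg_r, ni, nr, ID_I, ID_R, key, rand))
    return hmac.compare_digest(expected, sig)
```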