US 12,108,250 B2
Method and device for authenticating access stratum in next generation wireless communication system
Donghyun Je, Suwon-si (KR); and Jungsoo Jung, Suwon-si (KR)
Assigned to Samsung Electronics Co., Ltd., Suwon-si (KR)
Filed by Samsung Electronics Co., Ltd., Suwon-si (KR)
Filed on Nov. 24, 2021, as Appl. No. 17/535,209.
Claims priority of application No. 10-2020-0160985 (KR), filed on Nov. 26, 2020.
Prior Publication US 2022/0167166 A1, May 26, 2022
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01); H04W 12/033 (2021.01); H04W 12/069 (2021.01)
CPC H04W 12/069 (2021.01) [H04L 63/0869 (2013.01); H04W 12/033 (2021.01)] 13 Claims
OG exemplary drawing
 
1. A method of a user equipment (UE) for a mutual authentication operation in an access stratum (AS) section in a wireless communication system, the method comprising:
transmitting, to a base station, a first message including a first random value;
receiving, from the base station, a second message including a second random value and a base station certificate for the base station in response to transmitting the first message;
transmitting, to the base station, a certificate revocation information request message to receive revocation information for the base station certificate from a certificate verification server;
receiving, from the base station, a certificate revocation information response message including the revocation information for the base station certificate;
determining whether the base station certificate is valid based on the revocation information for the base station certificate;
transmitting, to the base station, a third message including a UE certificate and a temporary session key based on a determination that the base station certificate is valid; and
receiving, from the base station, a fourth message indicating that the mutual authentication operation between the UE and the base station is completed in case that an authentication operation of the UE certificate is completed,
wherein a session key for the base station is generated based on the first random value, the second random value, and the temporary session key, and
wherein the revocation information for the base station certificate comprises a credential revocation list (CRL) indicating a certificate revocation list, and the revocation information for the base station certificate is identified per registration area (RA) or per tracking area (TA) based on location information for at least one base station and movement information for at least one UE.
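The four-message exchange of claim 1, as an added Python model that is not part of the patent or of any Samsung implementation. The claim leaves the certificate format, the signature scheme and the key-derivation function open, so this model assumes HMAC stand-ins for the CA signature and for the session-key derivation, a per-tracking-area CRL table in place of the certificate verification server, and that message 3 carries the temporary session key protected (e.g. encrypted to the base station's public key), which the model omits.

```python
import hmac
import hashlib
import os

# Constructed CA key: stands in for the issuing CA that signs UE and gNB certificates.
CA_KEY = b"constructed-ca-key-for-example-only"


def issue_cert(subject: str, serial: int) -> dict:
    """Toy certificate: subject + serial, authenticated by an HMAC 'signature' (assumption)."""
    body = f"{subject}|{serial}".encode()
    return {"subject": subject, "serial": serial,
            "sig": hmac.new(CA_KEY, body, hashlib.sha256).hexdigest()}


def cert_valid(cert: dict, crl: set) -> bool:
    """Claim step 'determining whether the base station certificate is valid': signature check + CRL lookup."""
    body = f"{cert['subject']}|{cert['serial']}".encode()
    expected = hmac.new(CA_KEY, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(cert["sig"], expected) and cert["serial"] not in crl


def derive_session_key(rand_ue: bytes, rand_gnb: bytes, temp_key: bytes) -> bytes:
    """Session key from the first random value, second random value and temporary key (KDF is an assumption)."""
    return hmac.new(temp_key, b"AS-session" + rand_ue + rand_gnb, hashlib.sha256).digest()


def as_mutual_auth(ue_cert: dict, gnb_cert: dict, crl_by_ta: dict, ta: str):
    """Run the AS handshake; return the shared session key, or None if either side rejects."""
    rand_ue = os.urandom(16)                      # message 1: UE -> gNB, first random value
    rand_gnb = os.urandom(16)                     # message 2: gNB -> UE, second random value + gNB certificate
    crl = crl_by_ta.get(ta, set())                # CRL request/response: revocation info for this TA
    if not cert_valid(gnb_cert, crl):
        return None                               # UE aborts before disclosing its own certificate
    temp_key = os.urandom(32)                     # message 3: UE -> gNB, UE certificate + temporary session key
    if not cert_valid(ue_cert, crl):
        return None                               # gNB fails UE authentication; no message 4
    k_ue = derive_session_key(rand_ue, rand_gnb, temp_key)    # message 4: both sides derive the key
    k_gnb = derive_session_key(rand_ue, rand_gnb, temp_key)
    return k_ue if hmac.compare_digest(k_ue, k_gnb) else None


# Constructed scenario: the gNB certificate is revoked in one tracking area only.
UE_CERT = issue_cert("ue-001", 1001)
GNB_CERT = issue_cert("gnb-042", 2042)
CRL_BY_TA = {"TA-1": {2042}, "TA-2": set()}

if __name__ == "__main__":
    print("TA-1:", as_mutual_auth(UE_CERT, GNB_CERT, CRL_BY_TA, "TA-1"))
    print("TA-2:", as_mutual_auth(UE_CERT, GNB_CERT, CRL_BY_TA, "TA-2").hex())
```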